Intune Unmanaged devices = Block access to all cloud apps

Rohanathan S 21 Reputation points
2022-02-15T05:34:38.64+00:00

Hi Team,

Is there a way to block access to devices that are not managed by Intune?

In conditional access there is an option to Grant "Require Hybrid Azure AD joined device".

However, we are joining devices by Azure AD join. Is there a way to block access when that device is not enrolled with Intune?


Accepted answer
  1. Lu Dai-MSFT 22,796 Reputation points Microsoft Vendor
    2022-02-15T06:58:34.96+00:00

    @Rohanathan S Thanks for posting in our Q&A.

    If you want to block unmanaged devices from accessing cloud apps, it is suggested to select "Require device to be marked as compliant" in the conditional access policy.
    https://learn.microsoft.com/en-gb/azure/active-directory/conditional-access/concept-conditional-access-grant#require-device-to-be-marked-as-compliant

    When the device is enrolled in Intune and the device shows compliant, the device can access cloud apps. When the device is not enrolled in Intune or the device is not compliant, the device can't access cloud apps.

    Hope it will help.


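An added example, not part of the original thread: a Python audit over Conditional Access policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape, flagging policies that include the compliant-device control from the answer above but do not actually enforce it. The sample policies and their display names are constructed.

```python
import json

# Constructed sample in the shape Microsoft Graph returns for
# /identity/conditionalAccess/policies (display names are made up).
SAMPLE_POLICIES = json.loads("""
[
  {"displayName": "Require compliant device - all apps", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
  {"displayName": "Compliant OR MFA", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice", "mfa"]}},
  {"displayName": "Compliant device (pilot)", "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice", "mfa"]}}
]
""")

def compliance_gaps(policy):
    """Return reasons this policy does NOT force a compliant device everywhere."""
    gaps = []
    cond = policy.get("conditions") or {}
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if policy.get("state") != "enabled":
        gaps.append("policy is not enforced (state=%s)" % policy.get("state"))
    if "All" not in ((cond.get("applications") or {}).get("includeApplications") or []):
        gaps.append("does not target all cloud apps")
    if "All" not in ((cond.get("users") or {}).get("includeUsers") or []):
        gaps.append("does not target all users")
    if "compliantDevice" not in controls:
        gaps.append("compliantDevice grant control missing")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        # With OR, satisfying any other control (e.g. mfa) admits an unmanaged device.
        others = [c for c in controls if c != "compliantDevice"]
        gaps.append("compliantDevice can be bypassed via: " + ", ".join(others))
    return gaps

def audit(policies):
    """Map each policy name to its list of gaps (empty list = enforces compliance)."""
    return {p["displayName"]: compliance_gaps(p) for p in policies}

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_POLICIES).items():
        print(name, "->", "OK" if not gaps else "; ".join(gaps))
```

The check reads only policy state, included users and apps, and built-in grant controls; exclusions and platform or device filters are not evaluated and need a separate review.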

