Domain Control on Users and Devices

Question

We intend to establish full control over which users and devices can access our Microsoft applications and services though we are a cloud environment - all business applications and services are in the cloud (Microsoft and 3rd parties).
how can we implement leverage on Microsoft Azure services to implement access control based on users and devices (corporate and personal)and be able to apply security policies across the users and devices or user groups or device groups?

1. Join /add devices to our domains based on ownership (corporate, personal, and guest)
2. Be able to identify corporate, personal, and guest devices and grant discriminating privileges depending on the device a user is using to access our applications and services.
3. be able to grant discriminating privileges depending on the device and location a user is using to access our applications and services.
4. Guest access management using the user account and authorized devices.

Note: we intend to leverage on capabilities in Microsoft Azure services without making any additional investment in other products

Answer 1

Hi Kayton,

Not sure what license you have but some of the points can be managed leveraged via Microsoft Intune for Mobile Devices, Configuration and Compliance policies can be applied via Intune and it is part of EMS Suite - what-is-intune

High-Level architecture over here - high-level-architecture

Also you will need to leverage and implement Azure Conditional Access Policies for other requirements - have a read and explore as it is a vast topic to discuss over here - overview.

Azure Conditional Access Policy will requires an Azure AD Premium P1 license.

==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.