Blog Post

Security, Compliance, and Identity Blog
2 MIN READ

New Extension Now Available: Conditional Access Based On Operating System Version

yvetteomeally's avatar
yvetteomeally
Icon for Microsoft rankMicrosoft
Sep 08, 2018
First published on CloudBlogs on Nov 02, 2015

Author: Chris Green, Senior Program Manager, Enterprise Client and Mobility

We have heard from many of you through the Microsoft Intune Feedback forums that you need to be able to set operating system requirements for mobile devices in order to ensure that they are secure and up to date.  Today we are making available a new extension that extends the Microsoft Intune Conditional Access feature by adding compliance rules that evaluate the operating system of mobile devices.  Customers can use these new rules either to set a minimum or a maximum operating system version for iOS, Android, Windows and Windows Phone devices that are enrolled with Intune.  Devices that do not meet these rules are blocked from Exchange, Exchange Online, and SharePoint Online through the Microsoft Intune Conditional Access feature.

The extension is called Microsoft System Center 2012 R2 Configuration Manager SP1 Extension for Microsoft Intune: Conditional Access.  Once enabled, administrators can use the new rules by editing an existing Compliance Policy or by creating a new one.  In the Rules section, select Add and then choose “Minimum operating system version” or “Maximum operating system version.”

You can specify a version string that will be evaluated against the operating system version strings of managed devices.  If you do not require a minimum or maximum version for a certain platform, leave it blank.

End-users on devices which do not meet the minimum or maximum operating system requirements will be shown the non-compliance reason as part of the existing Conditional Access user experience in the Intune Company Portal or the Intune Web Portal.  The user will be told the minimum or maximum version, and in the case of not meeting the minimum version will be given a link to instructions on how to upgrade their device.

This feature will also be coming to Intune Standalone soon.  Please watch the Intune blog for that announcement.

To learn more about conditional access for Exchange Online, check out this blog post on the Intune blog .

For additional technical resources on Conditional Access, visit TechNet here .

Installing Extensions

The Conditional Access extension will appear as a new item in the Extensions for Microsoft Intune node in the Configuration Manager console. To install this extension, select this extension and then click Enable . For more information about extensions, see http://technet.microsoft.com/en-us/library/dn574730.aspx

Please note the two requirements for Configuration Manager:


--  Chris Green


Configuration Manager Resources

Documentation Library for System Center 2012 Configuration Manager

System Center 2012 Configuration Manager Forums

System Center 2012 Configuration Manager Survival Guide

System Center Configuration Manager Support

Submit Configuration Manager Product Ideas

Report Configuration Manager Product Issues

This posting is provided "AS IS" with no warranties and confers no rights.

Published Sep 08, 2018
Version 1.0
No CommentsBe the first to comment