Forum Discussion
SebCerazy
Nov 14, 2022 Iron Contributor
Conditional Access for Azure AD ONLY joined devices
All my user mobile devices (Windows based) are Azure AD joined (no hybrid). The requirement is to allow access to online resources from these devices ONLY & if external to trusted location then do MFA...
Try using filters in EndPoint Manager/Intune https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters
SebCerazy
Nov 15, 2022 Iron Contributor
?????
And what would that do to my Conditional Access in Azure?
- Nov 15, 2022
CA checks the compliance policies. Don’t allow personal devices to be compliant.
- SebCerazy
Nov 15, 2022 Iron Contributor
Personal devices (not Azure joined) are NEVER compliant, so that is not an issue!
But as explained, I can NOT choose just the compliance condition (because that does not work 100% every time, for reasons mentioned).
- Nov 15, 2022
Well, if BYOD are never compliant the world would have issues right now. And what's up with the language? This is a community where people help each other.
I haven't heard of your third-party compliance issue before. Perhaps check with Sophos...
If filtering of any kind is not an option perhaps you need to look at Defender for Cloud Apps using an Access policy with a Block action.
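Added example, not from anyone in this thread: the original requirement (Azure AD joined devices only, MFA outside trusted locations) written as two Microsoft Graph `conditionalAccessPolicy` bodies, using Conditional Access's own filter for devices (`device.trustType -eq "AzureAD"`) rather than the Intune filters suggested above, plus a simplified evaluator that runs constructed sign-ins through them. The trusted IP range, the sign-in shapes and every function name are assumptions; the evaluator models only single-clause device filters and should not be taken as the service's exact behaviour, which is what report-only mode is for.

```python
import ipaddress
import re

TRUSTED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # constructed office range (TEST-NET-3)
_RULE = re.compile(r'^device\.(\w+) -eq "([^"]*)"$')  # single-clause rules only

def build_policies():
    """Two Conditional Access policies as Microsoft Graph conditionalAccessPolicy bodies."""
    common = {"users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]}}
    block_non_joined = {
        "displayName": "Block unless Azure AD joined",
        "state": "enabledForReportingButNotEnforced",  # report-only before enforcing
        "conditions": {**common, "devices": {"deviceFilter": {
            # exclude mode: applies to every device NOT matching, so unregistered/hybrid get blocked
            "mode": "exclude", "rule": 'device.trustType -eq "AzureAD"'}}},
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }
    mfa_outside = {
        "displayName": "MFA outside trusted locations",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {**common, "locations": {
            "includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }
    return [block_non_joined, mfa_outside]

def _device_in_scope(device, device_cond):
    """Simplified model of a deviceFilter: one 'attr -eq value' clause, include/exclude mode."""
    flt = device_cond["deviceFilter"]
    attr, value = _RULE.match(flt["rule"]).groups()
    matches = device.get(attr) == value  # unregistered device: attribute absent, never matches
    return matches if flt["mode"] == "include" else not matches

def _location_in_scope(ip, loc_cond):
    """'All' locations minus 'AllTrusted': the policy applies only outside trusted ranges."""
    trusted = any(ipaddress.ip_address(ip) in net for net in TRUSTED_RANGES)
    excluded = trusted and "AllTrusted" in loc_cond.get("excludeLocations", [])
    return "All" in loc_cond["includeLocations"] and not excluded

def evaluate(sign_in, policies):
    """Return 'block', 'mfa' or 'allow' for sign_in = {"device": {...}, "ip": "..."}."""
    controls = set()
    for p in policies:
        cond = p["conditions"]
        dev_ok = "devices" not in cond or _device_in_scope(sign_in["device"], cond["devices"])
        loc_ok = "locations" not in cond or _location_in_scope(sign_in["ip"], cond["locations"])
        if dev_ok and loc_ok:  # every configured condition matched: the policy fires
            controls.update(p["grantControls"]["builtInControls"])
    # block always wins; otherwise MFA if any applicable policy demanded it
    return "block" if "block" in controls else "mfa" if "mfa" in controls else "allow"
```

The point of the two-policy split is that a compliance condition never enters into it: an unregistered or hybrid-joined device is blocked by the device filter regardless of what a third-party compliance partner reports.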