Deleted
Sep 14, 2017

Conditional policies in Azure AD vs. Intune

We are planning to deploy ODB for about 10000 users.

The main issue right now is controlling the access and dealing with compliance.

There are a few things that I need some clarification on.

The end goal here is to have MFA prompts for internal/external users who try to access SPO/ODB from outside of trusted networks, regardless of the devices being managed/unmanaged.

First:

We already have MFA set up over here with DUO Mobile Security. Can the same MFA be used for O365 when users access resources outside of the trusted network?

Secondly:

For device management (MDM), there is Airwatch in place already that has all the managed devices registered.

We are intending to use Azure Conditional Access control for this scenario, but the documentation says that the MDM used for this is Intune. My question is: can the current MDM, Airwatch, be used to feed information to Azure AD policies about a device being compliant or not?

This is what we intend to apply to control access from unmanaged devices that are not on the network.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-technical-reference
