Forum Discussion

techchirag
Aug 11, 2016

Preview of Azure AD Conditional Access Policies for devices, users and applications

The folks at Microsoft identity division have just released the preview of Azure AD Conditional Access Policies for devices, users and applications in protecting the resource - this includes Office 365!

 

More details on this new feature in the link below.

https://techchirag.com/2016/08/10/preview-of-azuread-conditional-access-policies-for-devices-users-and-applications-office365/

  • Recommend looking into this architecture documentation where you have a good description of the different settings. Intune is device-based policies while Azure AD pivots on the identity and the service being accessed. With this new feature for device-based access control, an Azure AD policy can be defined to look for a device or PC that is domain joined, registered or even compliant. The compliant setting requires that the device is enrolled and reported as in compliance by Intune. https://technet.microsoft.com/en-us/library/dn919927.aspx#mobility
  • Paul Bridges
    Copper Contributor

    So I am currently going through and teaching myself EMS and this article caught my eye as something to keep tabs on. One thing I have noticed that makes EMS so confusing at times is understanding the 5 or 6 different places that you can go in and set policies that sometimes seem to overlap. 

     

    For this example, can you help explain how setting this in Azure is different than setting conditional access in Intune?

    • Nils van Woensel
      Copper Contributor

      All configuration settings for Intune will be migrated to the new Azure Portal.

      Some new features will already only be configurable in the new Portal.

      So at this moment it is not really different in options, but more where to configure for which service.

       

      Exchange Online/SharePoint Online and some others are supporting Conditional Access since the beginning and are only configurable in Intune. Others like Yammer are just added to support CA and are only configurable in the new Azure Portal. This is not ideal, but has to do with the transferring and I expect "deprecating" the Silverlight Intune portal.

       

      The compliance policy still needs to be configured in the Intune Portal.
