Forum Discussion
Conditional Access not working with specified parameters
We are trying to restrict access to O365 and any use of the O365 apps on a personal macOS device, even if it's enrolled with Intune. This means that only macOS devices with Corporate ownership are allowed.
However, whenever I try to test it on a personally owned macOS device that is enrolled in Intune, I am still able to access it, even if the conditional access action is set to Block.
This is what I have for the conditional access policy, but it's not working. Maybe I am misunderstanding something or I am missing something?
1 Reply
The operatingSystem value isn't right; it must be a valid operating system there (device.operatingSystem -eq "valid operating system").
When using the above Block, exclude company devices. If using a Grant, exclude the personal devices.
You can also work with filters in Endpoint Manager/Intune under Tenant administration - Filters and use those in a compliance policy, which in turn CA can check when configured.
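The Block-with-exclusion layout described in the reply, written out with the Microsoft Graph PowerShell SDK as an added example (not code from the thread). The display name and the report-only state are assumptions, and macOS is targeted through the policy's platform condition rather than an `operatingSystem` clause in the filter.

```powershell
# Added example: the display name and report-only state are assumptions, not from the thread.
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

$policy = @{
    displayName = 'Block O365 on non-corporate macOS (example)'   # hypothetical name
    state       = 'enabledForReportingButNotEnforced'             # report-only while testing
    conditions  = @{
        users        = @{ includeUsers = @('All') }
        applications = @{ includeApplications = @('Office365') }
        platforms    = @{ includePlatforms = @('macOS') }          # scope the policy to macOS sign-ins
        devices      = @{
            deviceFilter = @{
                # Block applies to every macOS device EXCEPT those matching the rule,
                # so corporate-owned devices are the ones excluded from the block.
                mode = 'exclude'
                rule = 'device.deviceOwnership -eq "Company"'
            }
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm what was stored: the filter mode and rule are the parts that decide who is blocked.
$created | Select-Object Id, DisplayName, State
$created.Conditions.Devices.DeviceFilter | Format-List Mode, Rule
```

While the policy is in report-only state, the sign-in log entries for the personal and the corporate Mac show whether the block would have applied, so the filter can be checked before the policy is enforced.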