Conditional Access Policy - Only allow EntraID Joined devices to access SharePoint Online

Question

HiI have a cloud-only Microsoft 365 Tenant, 40 devices all EntraID joined and I want to only allow users to access SharePoint Online from the EntraID devices and not for example from their home computers.&nbsp;Is this achievable through Conditional Access policies? I see an option for hybrid joined but not&nbsp; EntraID joined&nbsp;&nbsp;

vasilmichev · Answer

Use the "filter for devices" feature: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-filters-for-devices#supported-operators-and-device-properties-for-filters

chrissystemagic · Answer

VasilMichev&nbsp;Thats great, looks like I can use this filter&nbsp;&nbsp;

joshb531 · Answer

Hi ThereI am trying to create a Entra ID conditional access policy with the following criteria1. Only grant Access to two cloud apps2. Only allow access from a named location (already created)3. Enforce MFA on each login.4. Only apply to users in Entra ID security group.&nbsp;Been having a bit of nightmare getting this working. The MFA part works fine but I am still being allowed access even if I am not on the Named location. When I check signin logs, it flags I am not on the approved site but its still allowing access.&nbsp;Can any one help.&nbsp;Josh

Forum Discussion

Conditional Access Policy - Only allow EntraID Joined devices to access SharePoint Online

3 Replies

Resources