Forum Discussion
NS
Dec 23, 2024 | Copper Contributor
Any Intune policies applicable for personal laptops that are not enrolled in Microsoft Intune
Hi All, I have a requirement where I will provide the AVD machines to vendors, using that AVD machines they will access my applications, but they will use their windows machines and home internet...
kyazaferr
Dec 26, 2024 | MCT
- Conditional Access Policies: Even without Intune enrollment, you can implement device checks through Conditional Access when users register their devices in Entra ID:
  - Require compliant browsers
  - Check OS versions
  - Enforce MFA
  - Set location-based conditions
- Azure AD Registration + Device Health Attestation:

      # You can configure Device Health Attestation settings via PowerShell
      Set-MsolDeviceRegistrationServicePolicy -EnableDeviceRegistration $true

- Client Requirements via RDP Client Settings:

      # Example of setting minimum RDP client version requirement
      Set-RDSessionCollectionConfiguration -CollectionName "Collection" -MinimumRDPVersion "10.0"

- Security Baseline through Group Policy: Although not enrolled in Intune, you can create and enforce security requirements for the RDP connection:
  - TLS requirements
  - Encryption levels
  - Client device health checks
Here are specific controls you can implement:
- For Entra ID registered devices:
  - Device compliance state verification
  - Risk-based conditional access
  - Browser security requirements
  - Certificate-based authentication
- For AVD connection security:
  - Enforce specific client versions
  - Require secure protocols
  - Implement network level authentication
  - Enable session monitoring
- Additional Security Measures:
  - Web Application Proxy/Azure AD App Proxy
  - Just-in-Time access
  - Session time limits
  - IP-based restrictions
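One way to put the "Enforce MFA", "Session time limits" and risk-based items above into practice for vendors signing in to AVD from unmanaged Windows devices is a Conditional Access policy created through the Microsoft Graph PowerShell SDK. This is an added example, not code from the thread; the group object ID and the AVD application ID are placeholders you must replace, and the policy is deliberately created in report-only mode first.

```powershell
# Added example (not from the original thread). Requires the Microsoft.Graph
# PowerShell SDK and a Conditional Access administrator role.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholders (assumptions): the Entra ID group holding the vendor accounts and
# the application ID shown for Azure Virtual Desktop under Enterprise applications.
$vendorGroupId = "<OBJECT-ID-OF-VENDOR-GROUP>"
$avdAppId      = "<APPLICATION-ID-OF-AZURE-VIRTUAL-DESKTOP>"

$policy = @{
    displayName = "Vendors - AVD from unmanaged Windows devices"
    # Start in report-only mode; switch to "enabled" after reviewing sign-in logs.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeGroups = @($vendorGroupId) }
        applications   = @{ includeApplications = @($avdAppId) }
        # Vendors connect from the web client or the Windows desktop client.
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
        platforms      = @{ includePlatforms = @("windows") }
        # Risk signal from Entra ID Protection: medium/high sign-in risk still
        # has to pass the grant controls below.
        signInRiskLevels = @("medium", "high")
    }
    grantControls = @{
        operator        = "AND"
        builtInControls = @("mfa")
    }
    sessionControls = @{
        # Re-authenticate every 8 hours and never keep the browser session persistent,
        # so a shared or lost personal laptop does not carry a long-lived session.
        signInFrequency   = @{ isEnabled = $true; type = "hours"; value = 8 }
        persistentBrowser = @{ isEnabled = $true; mode = "never" }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.Id) in state $($created.State)"

# Verify what was stored before enabling enforcement.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State
```

Remove the `signInRiskLevels` line if the tenant has no Entra ID P2 licence, since risk conditions are not evaluated without it.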