nate009
Copper Contributor
Jul 11, 2019

Conditional Access Policy Help

Hi,

I am currently working on an Intune policy to block all non-compliant devices. I have created the policy and also created a Conditional Access policy.

The policies are applying BUT you can still access data from the corporate device.

Can you please tell me what I need to do to fix this?

The only condition I have is that the machine is marked as non-compliant; if the device is non-compliant then the device is blocked.

Within Intune the device has been marked as non-compliant, but again the Conditional Access policy isn't working.

  • cjitsolutions
    Brass Contributor

    Hi nate009,

    What behaviour are you expecting when a device fails the conditional access check?

    Have you defined what resources should be blocked when the policy is triggered?

    Cheers,

    Chris Jacob

    • nate009
      Copper Contributor

      cjitsolutions  Hi Chris, I have a very simple policy in place that marks the device as non-compliant if the OS is below a certain level.

      I have tested this on iOS and Android and the devices are marked as non-compliant in Intune. From there I have logged into Azure and created a Conditional Access policy which looks for any device that is marked as non-compliant and blocks it. From my understanding this should stop the device from getting email etc., but the apps still work fine.

      I'm very confused as to what I've done wrong?