Conditional Access Policy Help
Hi,
I am currently working on an Intune policy to block all non-compliant devices. I have created the policy and also created a conditional access policy.
The policies are applying BUT you can still access data from the corporate device.
Can you please tell me what I need to do to fix this?
The only condition I have is that the machine is marked as non-compliant; if the device is non-compliant then the device is blocked.
Within Intune the device has been marked as non-compliant but again the conditional access policy isn't working.
- cjitsolutions (Brass Contributor)
Hi nate009,
What behaviour are you expecting when a device fails the conditional access check?
Have you defined what resources should be blocked when the policy is triggered?
Cheers,
Chris Jacob
- nate009 (Copper Contributor)
cjitsolutions Hi Chris, I have a very simple policy in place that marks the device as non-compliant if the OS is below a certain level.
I have tested this on iOS and Android and the devices are marked as non-compliant in Intune. From there I have logged into Azure and created a conditional access policy which looks for any device that is marked as non-compliant and blocks it. From my understanding this should stop the device from getting email etc. but the apps still work fine.
I'm very confused as to what I've done wrong?
- cjitsolutions (Brass Contributor)
nate009 Hi Nate,
You may not have done anything wrong!
My understanding is that you need to define, within the policy, what resources will be blocked when the policy is triggered:
https://docs.microsoft.com/en-us/intune/create-conditional-access-intune
So have you specified the O365 applications you want to block within the conditional access policy you have configured?
Cheers,
Chris Jacob
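
The point raised in the last reply, that a conditional access policy only acts on the resources it targets, can be checked against an exported policy. The following is an added example, not posted by anyone in the thread: the field names follow the Microsoft Graph `conditionalAccessPolicy` resource, while the `lint_policy` function, its rules and both sample policies are constructed for illustration.

```python
# Added example: lint a conditional access policy (Microsoft Graph
# conditionalAccessPolicy shape) for reasons it would not restrict access.
# The rules and the sample policies below are constructed for illustration.

def lint_policy(policy):
    """Return a list of reasons the policy would not restrict access."""
    findings = []
    state = policy.get("state")
    if state != "enabled":
        findings.append("state is %r, so the policy is not enforced" % state)

    cond = policy.get("conditions") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    if not apps or apps == ["None"]:
        findings.append("no cloud apps targeted: nothing is protected")

    users = cond.get("users") or {}
    targeted = [v for key in ("includeUsers", "includeGroups", "includeRoles")
                for v in (users.get(key) or [])]
    if not targeted or targeted == ["None"]:
        findings.append("no users, groups or roles targeted")

    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    if not {"block", "compliantDevice"} & set(controls):
        findings.append("grant controls neither block nor require a compliant device")
    return findings

# Constructed sample: compliance is required, but no cloud app is in scope.
NO_APPS = {
    "displayName": "Require compliant device (constructed sample)",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": []},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]},
}

# Constructed sample: same policy with Office 365 selected as the target.
WITH_APPS = dict(NO_APPS, conditions={
    "users": {"includeUsers": ["All"]},
    "applications": {"includeApplications": ["Office365"]},
})

if __name__ == "__main__":
    for p in (NO_APPS, WITH_APPS):
        print(p["displayName"], "->", lint_policy(p) or "no findings")
```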