Forum Discussion

Robert Woods's avatar
Robert Woods
Iron Contributor
Jul 01, 2017
Solved

Conditional policies in Azure AD vs. Intune

We would like to implement conditional access policies for a group of our users through Azure AD. Are these policies different from the Conditional access policies available in Intune? Also, I was wo...
Conditional Access
  • Joe Stocker's avatar
    Joe Stocker
    Jul 01, 2017

    I have not found any pitfalls to enabling modern authentication for EXO or Skype for business.

    In my experience, it may take a few days before the setting will take effect for the SFB whereas there doesn't seem to be much delay for it to begin working in EXO.

    One thing you may run into is your Global Admins may struggle to get remote powershell to work after enabling MFA on their accounts. To solve this, download the latest powershell modules for SFB and Exchange.

    Skype Powershell Module Download

    http://go.microsoft.com/fwlink/?LinkId=294688

     

    New Exchange PowerShell Module that supports MFA

    https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx

     

    The conditional access for Intune is merging into the Azure AD Premium conditional access in the Azure portal (http://portal.azure.com).

    If you have a device enrolled in Intune, conditional access in Azure AD can leverage that to check compliance.

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal

Robert Woods's avatar
Robert Woods
Iron Contributor
Jul 03, 2017

Thanks Dean_Gross. We want to use the Conditional Policies but just use password sync and not ADFS. I just wanted to triple check that turning on Modern Auth which seems to be required for the conditional policies to work was not going to hose any of my users that are still on 2013 apps.

Dean_Gross's avatar
Dean_Gross
Silver Contributor
Jul 03, 2017

Making decisions like this is always challenging because the requirements keep changing.

Have you seen this announcement? you can try to keep up with the changes at https://docs.microsoft.com/en-us/intune/whats-new.  

Week of June 5, 2017 Microsoft Intune and Conditional Access admin consoles are generally available

We’re announcing the general availability of both the new Intune on Azure admin console and the Conditional Access admin console. Through Intune on Azure, you can now manage all Intune MAM and MDM capabilities in one consolidated admin experience, and leverage Azure AD grouping and targeting. Conditional access in Azure brings rich capabilities across Azure AD and Intune together in one unified console. And from an administrative experience, moving to the Azure platform allows you to use modern browsers

 

 

Resources