8i5-5i1
Copper Contributor
Apr 13, 2022

How to block non-enrolled devices

We have recently migrated from Basic Security (O365) to Intune and we're trying to set up a policy to block iOS and Android devices if they are not enrolled with the company portal app. I set up a conditional access policy but it's not affected the test group at all.

Can someone help with what we are missing here - the test device does not even have the company portal app installed so it's not listed in the devices area of endpoint manager, but email still works.

  • Hi,

    To be sure everything is working as it should, are you also making sure you have enabled the template

    Because when you are not blocking legacy auth... conditional access does nothing 🙂

    "conditional access only works for clients that support modern authentication (ADAL)"

      8i5-5i1
      Copper Contributor

      Rudy_Ooms_MVP

      Hi Rudy, thanks for replying. We already have a conditional access policy to block legacy authentication - is this what you mean?

      • Mmmm okay, so you have configured the compliance policies... How did you configure the default compliance settings (mark devices without compliance policy as compliant or not compliant)?
