Forum Discussion

mihir0811
Copper Contributor
Sep 21, 2024

How to restrict user mail login using device-based conditional policy of Intune

Hi Intune community,

I want users in my organization to access their mailbox only from their own device.

* Users should not be able to log in to email from any other device.

Is it possible? If yes, what steps are included?

1 Reply

  • JanRezab
    Copper Contributor

    Hi mihir0811.

    It's not possible to achieve this ONLY with conditional access policies.

     

    1) You have to deploy Windows Hello for Business.

    2) You have to configure Microsoft Edge/Google Chrome to enforce SSO.

    3) You should prohibit Anonymous mode in the browser.

    4) You have to create an authentication strength which allows only WHfB and TAP. (TAP will be used ONLY for WHfB registration)

    5) You have to deploy a CA policy which allows access from Windows devices ONLY with the newly created authentication strength.

    6) You should enable passwordless experience.

     

    All users will be forced to register WHfB and will not be able to log in with other types of authentication except temporary password authentication.

     

    Regards

    Jan
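
Steps 4 and 5 of the reply above, sketched with Microsoft Graph PowerShell as an added example that is not part of the original thread. The display names, the group ID placeholder, the choice of one-time TAP, the Exchange Online scoping and the report-only state are assumptions made for illustration.

```powershell
# Added example: display names and $pilotGroupId are placeholders, not values from the thread.
Import-Module Microsoft.Graph.Authentication
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.ReadWrite.AuthenticationMethod', 'Application.Read.All'

$pilotGroupId   = '<PILOT-GROUP-OBJECT-ID>'                # placeholder: group the policy applies to
$exchangeOnline = '00000002-0000-0ff1-ce00-000000000000'   # Office 365 Exchange Online (mail access)

# Step 4: authentication strength that accepts only WHfB and a one-time TAP.
# Assumption: a one-time TAP is enough, since TAP is only used to register WHfB.
$strengthBody = @{
    displayName         = 'WHfB or TAP only (example)'
    description         = 'Windows Hello for Business, plus one-time TAP for WHfB registration'
    allowedCombinations = @('windowsHelloForBusiness', 'temporaryAccessPassOneTime')
} | ConvertTo-Json -Depth 5

$strength = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/policies/authenticationStrengthPolicies' `
    -Body $strengthBody -ContentType 'application/json'

# Step 5: CA policy for Windows devices that grants access only with that strength.
# Created in report-only mode so sign-in logs can be reviewed before enforcing.
$policyBody = @{
    displayName   = 'Mail on Windows requires WHfB (example)'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($pilotGroupId) }
        applications   = @{ includeApplications = @($exchangeOnline) }
        platforms      = @{ includePlatforms = @('windows') }
    }
    grantControls = @{
        operator               = 'OR'
        authenticationStrength = @{ id = $strength.id }
    }
} | ConvertTo-Json -Depth 6

$policy = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' `
    -Body $policyBody -ContentType 'application/json'

# Show what was created so the IDs can be checked in the Entra admin center.
[pscustomobject]@{
    AuthStrengthId = $strength.id
    PolicyId       = $policy.id
    PolicyState    = $policy.state
}
```

Switching `state` to `enabled` enforces the policy; before doing so, confirm the scoped users have completed WHfB registration and that break-glass accounts are outside the scoped group.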
