Dwayne05
Copper Contributor
Sep 25, 2019

Intune Conditional Access Policies

Hi Everyone,

I'm quite new to using Intune. I was trying to figure out if there was a way that I could create a conditional access policy which would allow a device that has been enrolled to access Office Online applications (Word Online, Excel, etc.)?

At the moment the organisation has a conditional access policy that prevents users from outside the organisation from accessing desktop versions of the applications, such as Outlook, unless I add them to the exclusion list.

The same goes for mobile access: users added to the excluded list/group will be able to have Office applications on their mobile devices.

I would like a conditional access policy for enrolled Windows devices (laptops/PCs) so that they are able to access Office Online applications only. Is this possible, and what would be the best way to go about it?

I forgot to mention, the device should be able to access the applications from any location.

Thanks

  • Dwayne05 It all depends on how you have configured the existing CA policies. 

    If the user/device falls into another CA policy that blocks online apps (or all apps), then you will first need to update that CA policy to exclude these users/devices. You can then create a new policy that does a Grant access if the user/device meets your criteria.

    A sample CA policy will be the one below. 

    • Users: All users
    • App: (Select all O365 Online apps)
    • Condition: Is Compliant
    • Location: Exclude Trusted network
    • Access: Grant Access

    Once you have this policy, any user that doesn't have a compliant (enrolled) device will not be able to access Office 365 online apps.
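
The two steps from the reply above (find existing blocking policies, then create the grant policy), as an added example using the Microsoft Graph PowerShell SDK; it is not code from either poster. Assumptions: the policy name, the break-glass account ID placeholder, the Windows platform and browser-only scoping, and the report-only state are choices made here, not taken from the thread.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Step 1: list existing policies that use the Block control, so the target
# users/devices can be excluded from any that cover the Office 365 apps.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.GrantControls.BuiltInControls -contains "block" } |
    Select-Object DisplayName, State, Id

# Step 2: the sample policy from the reply, expressed as a Graph request body.
$policy = @{
    displayName = "Office 365 web - require compliant device"   # assumed name
    # Report-only first (assumption): review sign-in logs before enforcing.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            # Placeholder: object ID of an emergency-access account kept out of the policy.
            excludeUsers = @("<BREAK-GLASS-ACCOUNT-OBJECT-ID>")
        }
        applications = @{
            includeApplications = @("Office365")   # the built-in Office 365 app group
        }
        # Assumption: scope to browser sessions on Windows, per the original question.
        clientAppTypes = @("browser")
        platforms      = @{ includePlatforms = @("windows") }
        # Mirrors "Location: Exclude Trusted network" in the reply. Omitting this
        # block applies the compliance requirement from every location.
        locations = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice")   # grant only to Intune-compliant devices
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only results in the sign-in logs look right, changing `state` to `enabled` enforces the policy.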
