Forum Discussion
Need to restrict a user's access to a specific device category
Hello!
So all the resources I find online say this is really easy then inevitably link me to instructions regarding ENROLLMENT which is not what I want.
My issue is thus:
I want a specific user to ONLY be able to access devices that are in a certain category, similar to how in Active Directory you could set which devices an account could log in to. I have been led to believe that there is a way to set a configuration policy such that user X cannot log into any devices except ones that are marked as Device Category Y, but I can't find the actual tags to use in the settings catalog.
Does anyone have experience setting this kind of policy and can tell me what I'm missing?
Thank you!
2 Replies
- Ankido (Iron Contributor)
Hi MPomeroy
Yes, you can:
1- Navigate to Entra ID -> Security | Security Center.
2- Named locations in the right-hand panel.
3- Click on the IP Range Location at the top.
4- Enter the device's IP address (for the user whose access you need to restrict).
5- Then navigate to Conditional Access and click on Create New Policy.
6- Give the policy a name.
7- Under assignments, select the user from whom you want to restrict device login.
8- In cloud apps, choose all apps.
9- Under Conditions, click on Locations, select All Locations, and under the Exclude option, choose the named location you just created.
10- Finally, leave everything else as is and click on Grant -> under Grant select Block access.
Important: If you have a lab environment, you can test it first before applying it in production.
Feel free to reach out if you have any additional questions.
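
The policy from steps 1-10 above, written as the two Microsoft Graph request bodies it corresponds to, plus a local check of which sign-ins it would block. This is an added example, not part of Ankido's reply; the user ID, IP range, location-ID placeholder, display names and the report-only state are assumptions.

```python
import ipaddress
import json

# Constructed placeholders (assumptions): replace with values from your tenant.
USER_ID = "00000000-0000-0000-0000-000000000001"
ALLOWED_CIDRS = ["203.0.113.10/32"]  # documentation range, constructed sample

def named_location_body(name, cidrs):
    """Body for POST /identity/conditionalAccess/namedLocations (steps 1-4)."""
    return {
        "@odata.type": "#microsoft.graph.ipNamedLocation",
        "displayName": name,
        "isTrusted": False,
        "ipRanges": [{"@odata.type": "#microsoft.graph.iPv4CidrRange",
                      "cidrAddress": c} for c in cidrs],
    }

def policy_body(name, user_id, location_id):
    """Body for POST /identity/conditionalAccess/policies (steps 5-10)."""
    return {
        "displayName": name,
        # Report-only first, so the effect shows in sign-in logs before enforcement.
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeUsers": [user_id]},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": ["All"],
                          "excludeLocations": [location_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def would_block(policy, location, user_id, sign_in_ip):
    """Local approximation of the policy's effect for one sign-in."""
    if user_id not in policy["conditions"]["users"]["includeUsers"]:
        return False  # policy does not target this user
    ip = ipaddress.ip_address(sign_in_ip)
    in_excluded = any(ip in ipaddress.ip_network(r["cidrAddress"])
                      for r in location["ipRanges"])
    return not in_excluded  # all locations except the excluded one are blocked

if __name__ == "__main__":
    loc = named_location_body("Allowed device IP", ALLOWED_CIDRS)
    pol = policy_body("Block user X outside allowed IP", USER_ID,
                      "<named-location-id>")  # placeholder, returned by the first POST
    print(json.dumps(pol, indent=2))
    for ip in ("203.0.113.10", "198.51.100.7"):  # constructed sign-in addresses
        print(ip, "blocked" if would_block(pol, loc, USER_ID, ip) else "allowed")
```

The check keys on the sign-in's public IP address, so any device that signs in from inside the excluded range is treated the same way.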
- tschlappinger (Brass Contributor)
Maybe this could be helpful
https://petervanderwoude.nl/post/restricting-the-local-log-on-to-specific-users/