Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Mar 12, 2025
Solved

No PIN / No Access

Hi All   I hope you are well.   Anyway, on Android Enterprise Fully Managed devices, I have an ask to to enforce a No PIN No Device Access policy.   These devices have the usual, where the PIN ...
Intune
mobile device management (mdm)
  • DR5246's avatar
    DR5246
    Mar 15, 2025

    Not sure you can like this.

    What I would do is this (I use MDM with MAM):

    1. Make sure you check for PIN in Compliance Policy
    2. MDM -Create Conditional Access Policy that requires Compliance Device and target all Apps
    3. MAM - Create another CA Policy that requires "Require app protection policy"

    Keep in mind you do not want to block access to the device because then they can't get onto it to fix complaint issues that they can get guidance from the "Company Portal" 

    • What this will give you is they can get onto the device but they can't access corporate data (SharePoint, OneDrive, Teams, etc) until they fix the compliance issue and in this case its the PIN.

     

    So look at it this way, Intune configures the device via config policies and the compliance policies check those settings and mark the device non-compliant. 

     

    Conditional Access is the Bouncer at the door checking you out and not allowing you in if you not compliant.

     

DR5246's avatar
DR5246
Copper Contributor
Mar 15, 2025

Not sure you can like this.

What I would do is this (I use MDM with MAM):

  1. Make sure you check for PIN in Compliance Policy
  2. MDM -Create Conditional Access Policy that requires Compliance Device and target all Apps
  3. MAM - Create another CA Policy that requires "Require app protection policy"

Keep in mind you do not want to block access to the device because then they can't get onto it to fix complaint issues that they can get guidance from the "Company Portal" 

  • What this will give you is they can get onto the device but they can't access corporate data (SharePoint, OneDrive, Teams, etc) until they fix the compliance issue and in this case its the PIN.

 

So look at it this way, Intune configures the device via config policies and the compliance policies check those settings and mark the device non-compliant. 

 

Conditional Access is the Bouncer at the door checking you out and not allowing you in if you not compliant.

 

StuartK73's avatar
StuartK73
Iron Contributor
Mar 19, 2025

Hi Buddy

 

Many thanks for your very informative reply.

Great point with regards to no access to the device, then the end user couldn't rectify the situation. I knew it had to be something obvious!!!

 

I do like your concept of the App Protection policy though. so many thanks for that.

 

SK

Resources