Forum Discussion
RonaldvdMeer
Mar 26, 2020 (Iron Contributor)
Problem with Conditional Access rule Use app-enforced Restrictions for browser access.
I have a problem with a Conditional Access rule called:
Use app-enforced Restrictions for browser access.
I can't get it to work properly. I followed all the documentation I could find, but it doesn't work.
In the conditions I have set the following.
1. Locations: all locations, excluding trusted locations.
2. Client Apps: I selected Browser and Other Clients.
3. Device state: all device states, excluding devices marked compliant.
Under access control I selected "Use app enforced restrictions".
The weird thing is that this Conditional Access rule does function as expected on a compliant Mac but not on Windows 10 devices.
In the sign-in logs I noticed the following.
When I log in on a Mac with, for example, the Chrome browser, all fields in the Device Info of the sign-in logs, such as Compliant, are filled with info. But when I sign in from any browser on a compliant Windows 10 device, only the fields Browser and Operating System are filled.
I somehow get the feeling that because of the missing info in the device info, the Conditional Access rule thinks that the Windows 10 device is not compliant.
In Google Chrome I have the Windows 10 Accounts extension and in Edge I am signed in.
- Thijs Lecomte (Bronze Contributor)
Is this device fully enrolled into Intune?
- RonaldvdMeer (Iron Contributor)
Yes
- Thijs Lecomte (Bronze Contributor)
If you log into an Office app like Outlook, does this show correctly?
- Coert Kastelein (Brass Contributor)
Unfortunately I have a client with the exact same issue, already on two devices. After opening a case with Intune support it got closed eventually because the MFA device state is (still) in preview.
The user is currently using Chrome as a workaround to make sure app enforced restrictions are not applied.
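
Added example, not part of the thread: one way to check the original post's hypothesis against an exported sign-in log, by separating sign-ins where no device identity was recorded from ones where the device was identified but not compliant. The field names follow the Microsoft Graph signIn resource; the sample records, user name and device ID are constructed, and `device_state` and `triage` are hypothetical helper names.

```python
import json

POLICY = "Use app-enforced Restrictions for browser access"  # name from the post

# Constructed sample sign-ins (not real log data); keys follow Graph signIn.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "user@example.com",
  "deviceDetail": {"deviceId": "00000000-0000-0000-0000-000000000001",
                   "operatingSystem": "MacOs", "browser": "Chrome 80.0",
                   "isCompliant": true, "isManaged": true},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Use app-enforced Restrictions for browser access",
     "result": "notApplied"}]},
 {"userPrincipalName": "user@example.com",
  "deviceDetail": {"deviceId": "", "operatingSystem": "Windows 10",
                   "browser": "Chrome 80.0", "isCompliant": null,
                   "isManaged": null},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Use app-enforced Restrictions for browser access",
     "result": "success"}]}
]""")


def device_state(signin):
    """Classify what device identity the sign-in record carries."""
    detail = signin.get("deviceDetail") or {}
    if not detail.get("deviceId"):
        # Only browser/OS present: no device identity was recorded.
        return "unidentified"
    return "compliant" if detail.get("isCompliant") is True else "noncompliant"


def triage(signins, policy_name=POLICY):
    """Flag sign-ins where the policy applied to an unidentified device."""
    findings = []
    for s in signins:
        detail = s.get("deviceDetail") or {}
        applied = any(
            p.get("displayName") == policy_name and p.get("result") == "success"
            for p in s.get("appliedConditionalAccessPolicies") or [])
        state = device_state(s)
        findings.append({
            "os": detail.get("operatingSystem"),
            "browser": detail.get("browser"),
            "device_state": state,
            "policy_applied": applied,
            "missing_identity": applied and state == "unidentified",
        })
    return findings
```

Rows with `missing_identity` set are the ones to chase on the browser or device-registration side rather than in the Intune compliance policy.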