Forum Discussion

Admin Tyrell's avatar
Admin Tyrell
Copper Contributor
Oct 17, 2018

Registration of Authorized devices

Hello All,

 

Sorry if this has been covered before, but I am new to this community.  I was curious if there was anyway using Intune or the built in MDM within O365 to manage/authorize access to devices requesting access to our network/cloud resources.  Specifically the ability to authorize/deny access to devices that have yet to be screened by our IT department (personal devices).  Is there a way for admins to receive a notification of some sort when a new device has requested authorization to access these resources?  Our environment is currently restricted to just IPs based within our defined range, but we would also like to do some sort of specific device authorization for users whom are using their own personal devices.

 

Any help or direction on where to look would be greatly appreciated.  Thank you in advance.

 

Tyrell

  • Hi Tyrell,

     

    there is no approval workflow available for authorization of devices. But you could use Conditional Access to allow only compliant devices to restrict access to devices which fulfill your compliance settings like BitLocker encryption is on etc. and you could further restrict enrollment to corporate only whitelisted devices, this would block personal devices. These measurements available in Intune can be used for Windows 10, iOS and Android but again there is no notification or approval workflow available for this. When dealing with enrollment restrictions you need to get serial numbers/IMEIs (iOS, Android) or hardware hashes (Win10) and whitelist them. 

     

    See detailed information here:

     

    Set enrollment restrictions

    https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set

     

    How To: Require managed devices for cloud app access with conditional access

    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices

     

    best,

    Oliver

Resources