Forum Discussion
Restrict some devices
Are these devices enrolled in Defender for Endpoint? If yes, then you can configure the compliance policy in Intune to look at MDE risk score and then leverage this in a conditional access policy looking at device compliance as a grant control. If you are using a non-Microsoft security solution, then you can still use the compliance policy, but it may require a bit of scripting to pull the desired status of the device in the form of a custom compliance policy. Alternatively, if you have a list of devices already identified, then you can block access to them using conditional access device filters.
Hi Buddy
Unfortunately, these devices are not yet enrolled in Defender for Endpoint; I am and have been pressing for this for a while now.
Could you elaborate on "Alternatively, if you have a list of devices already identified, then you can block access to them using conditional access device filters."?
I'm struggling to get my head around the Include filtered devices in the policy / Exclude filtered devices from the policy.
Let's say we do:
CA Policy - Filtered Devices
All users
All resources
Access = BLOCK
Include filtered devices in the policy
Property | Operator | Value
DeviceID | Equals | Device ID from Intune
Does that policy work out as any user accessing any cloud resource on a deviceID is blocked?
SK
- rahuljindal, Sep 05, 2025, Bronze Contributor
Hey. Yes, pretty much any user (provided you select all users in the CA) that tries to access the cloud resources you define in the CA will be blocked when you select the grant control as blocked.
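
The policy sketched in this thread, written as a Microsoft Graph PowerShell call. This is an added example, not code from either poster. The device GUIDs and display name are constructed placeholders, the policy is created in report-only state, and it assumes the Microsoft.Graph.Identity.SignIns module is installed.

```powershell
# Added example: creates the "block filtered devices" policy in report-only mode.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All'

# Constructed placeholder GUIDs. The filter's device.deviceId property is
# compared against the Microsoft Entra device ID of each device.
$blockedDeviceIds = @(
    '00000000-0000-0000-0000-000000000001',
    '00000000-0000-0000-0000-000000000002'
)

# Validate each ID as a GUID, then build: device.deviceId -in ["id1","id2"]
$quoted = $blockedDeviceIds | ForEach-Object { '"{0}"' -f ([guid]$_).ToString() }
$rule   = 'device.deviceId -in [{0}]' -f ($quoted -join ',')

$policy = @{
    displayName = 'CA Policy - Filtered Devices (example)'
    # Report-only: sign-ins are evaluated and logged, nothing is blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All') }
        applications   = @{ includeApplications = @('All') }
        devices        = @{
            deviceFilter = @{
                # include: the policy applies only to devices matching the rule.
                # exclude: the policy applies to every device except those matching.
                mode = 'include'
                rule = $rule
            }
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only results in the sign-in logs show that only the listed devices match, change `state` to `enabled` to enforce the block.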