Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Sep 04, 2025

Restrict some devices

Hi All   I hope you are well.   Anyway, I'm looking for some advice.   We have identified some Intune enrolled, Entra ID joined devices that may be security risks (malware) and would like to re...
Conditional Access
Intune
mobile device management (mdm)
StuartK73's avatar
StuartK73
Iron Contributor
Sep 04, 2025

Hi Buddy

Unfortunately, these devices are not yet enrolled in Defender for Endpoint, I am and have been pressing for this for a while now.

 

Could you elaborate on "Alternatively, if you have list of devices already identified, then you can block access to them using conditional access device filters. "

 

I'm struggling to get my head around the Include filtered devices in the policy  / Exclude filtered devices from the policy.

 

Let say we do

 

CA Policy - Filtered Devices

All users

All resources

Access = BLOCK

Include filtered devices in the policy

Property Operator Value

DeviceID Equals Device ID from Intune

 

Does that policy work out as any user accessing any cloud resource on a deviceID is blocked?

 

SK

 

 

rahuljindal's avatar
rahuljindal
Bronze Contributor
Sep 05, 2025

Hey. Yes, pretty much any user (provided you select all users in the CA) that tries to access the cloud resources you define in the CA, will be blocked when you select the grant control as blocked. 

Resources