Forum Discussion
Restrict some devices
Are these devices enrolled in Defender for Endpoint? If yes, then you can configure the compliance policy in Intune to look at the MDE risk score and then leverage this in a conditional access policy that uses device compliance as a grant control. If you are using a non-Microsoft security solution, then you can still use the compliance policy, but it may require a bit of scripting to pull the desired status of the device in the form of a custom compliance policy. Alternatively, if you have a list of devices already identified, then you can block access to them using conditional access device filters.
Using Defender together with the Risk Score looks like a solid solution.
The Custom Compliance Policy you mentioned also seems useful — but do you know if it still works when combined with a Custom Extension Attribute that's based on a Conditional Access (CA) filter?
From my understanding, the device would need to be marked as compliant at the time when the attribute is created, correct?
That said, it looks like Stuart's company is using an endpoint protection solution other than Defender, which might still fit into this scenario.
My question is: how would you approach this? Would you try to capture the required signals via a script (for example by checking logs or client version)? Normally, the AV solution itself should be capable of quarantining or blocking malware.
I think it would be helpful if StuartK73 could provide us with some additional input on this.
Good luck!
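The custom compliance scripting mentioned in the first reply and the "capture the signals via a script" question in the second could look like the following Intune custom compliance discovery script. This is an added example, not code from either poster or from any AV vendor; the service name, registry key, log path and minimum version are placeholders you would replace with your product's real values.

```powershell
# Added example: Intune custom compliance discovery script for a non-Microsoft AV agent.
# All vendor-specific values below are ASSUMED placeholders, not real product paths.
$ServiceName    = 'ExampleAvAgent'                          # placeholder service name
$VersionKey     = 'HKLM:\SOFTWARE\ExampleVendor\Agent'      # placeholder registry key
$AgentLogPath   = 'C:\ProgramData\ExampleVendor\agent.log'  # placeholder log file
$MinimumVersion = [version]'5.2.0'                          # placeholder minimum build

# Signal 1: is the agent service installed and running?
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
$serviceRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

# Signal 2: installed client version; defaults to 0.0 so a missing key fails the rule
$installedVersion = [version]'0.0'
$item = Get-ItemProperty -Path $VersionKey -ErrorAction SilentlyContinue
if ($item -and $item.Version) {
    try { $installedVersion = [version]$item.Version } catch { }
}

# Signal 3: hours since the agent last wrote its log; a large value when the log is absent
$logAgeHours = 99999
if (Test-Path $AgentLogPath) {
    $age = (Get-Date) - (Get-Item $AgentLogPath).LastWriteTime
    $logAgeHours = [int][math]::Floor($age.TotalHours)
}

# Intune evaluates the compressed JSON returned here against the rules file below.
$result = @{
    AvServiceRunning = $serviceRunning
    AvClientVersion  = $installedVersion.ToString()
    AvLogAgeHours    = $logAgeHours
}
return $result | ConvertTo-Json -Compress

<#
Matching rules file uploaded with the script (MinimumVersion repeated as the Operand):
{
  "Rules": [
    { "SettingName": "AvServiceRunning", "Operator": "IsEquals", "DataType": "Boolean", "Operand": true,
      "MoreInfoUrl": "https://example.invalid/av-required",
      "RemediationStrings": [ { "Language": "en_US", "Title": "AV agent not running",
        "Description": "Start or reinstall the endpoint protection agent." } ] },
    { "SettingName": "AvClientVersion", "Operator": "GreaterEquals", "DataType": "Version", "Operand": "5.2.0",
      "MoreInfoUrl": "https://example.invalid/av-required",
      "RemediationStrings": [ { "Language": "en_US", "Title": "AV agent outdated",
        "Description": "Update the endpoint protection agent to 5.2.0 or later." } ] },
    { "SettingName": "AvLogAgeHours", "Operator": "LessEquals", "DataType": "Int64", "Operand": 24,
      "MoreInfoUrl": "https://example.invalid/av-required",
      "RemediationStrings": [ { "Language": "en_US", "Title": "AV agent not reporting",
        "Description": "The agent has not written its log in the last 24 hours." } ] }
  ]
}
#>
```

A device that fails any rule is marked non-compliant, which the conditional access policy with the device-compliance grant control then blocks, without needing the MDE risk score.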