Oct 03 2018 08:34 AM
M365 Business does not include the ability to create conditional access rules. We are wondering if there was any specific reasons it was not included such as cost, complexity or MS felt for SMBs the risk was not the same. The price point of this product, $20/seat, is perfect so I would not want to see it go up but having 2-3 basic conditional access rules available would be ideal. These might be allow only authenticated devices, allow only from within North America and allow only from listed IP address ranges.
Mark Benton
Mar 28 2019 09:07 AM - edited Mar 28 2019 09:34 AM
Thank you for your answers.
What I really mean with "useless" is that to protect mail with MAM, I should force to use protected apps.
If I create an app protection policy and I cannot apply a conditional access policy, then the user can use nativa email apps to bypass my protection.
Apr 08 2019 08:24 AM
@Mark BentonReplying to the opening because I think this is a unique ask.
If I don't have conditional Access, then how do I block non-compliant mobile devices from accessing company data and services? Doesn't this nullify everything you're doing in Intune Compliance Policies if you can't do anything about a non-compliant device? I must be missing something.
Apr 09 2019 01:29 AM
Hi I am a small business owner and I would like to say that it is hard to understand that CA has been left out of M365. We currently have Office 365 BP and subscribe to mobile security + E3 and one of the major reasons is to have access to Conditional Access. We have a number of contractors and staff we apply CA to, to satisfy our (sorry my) security paranoia. I have been looking at M365 and would like to get it but the cost of M365 + AAD P1 just does not stack up to me given the multiple double up of services. I understand bundling to upsize the sale, but it does not usually include so many redundant costs such as you would incur if you took M365 and AAD P1.
Apr 16 2019 01:44 PM
May 06 2019 11:18 AM
We had users on Office 365 Bus. Premium and were blocking access to users without a device password using the basic Office 365 MDM. We recently upgraded all users to Microsoft 365 Business and need to move our users to Intune (for some other functionality). We were unable to replicate the basic password enforcement policy we had on Office 365 MDM. We called support who said we needed to purchase either an Azure AD Premium or EMS license just to get the same functionality (via conditional access). Seems unreasonable to have to buy two licenses (Intune + AAD/EMS) just to replicate a basic MDM enforcement policy.
May 06 2019 11:25 PM
If you want to do what you say: put all of your customers on M365 Business and Azure AD P1. You don't need EMS. You get all of the tools you need to lock your tenant down. It sucks that we have to pay for Azure AD P1 but conditional access makes it worth it. Hopefully they add it to M365B -- then all small businesses have the tools to protect themselves provided they know how to configure it properly.
Jun 12 2019 12:09 PM
Jun 12 2019 12:14 PM
@Ashanka Iddya Thank you .. this is proof that Microsoft listens to feedback for sure:
https://techcommunity.microsoft.com/t5/Microsoft-365-Business-Blog/Conditional-Access-is-now-part-of...
Finally we can have awesome security for SMB customers as well!!
Jun 12 2019 12:40 PM