SOLVED
Home

Condition Access Question

%3CLINGO-SUB%20id%3D%22lingo-sub-332091%22%20slang%3D%22en-US%22%3ECondition%20Access%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332091%22%20slang%3D%22en-US%22%3EQuick%20question.%20Hoping%20this%20is%20a%20simple%20answer.%20As%20begin%20to%20prepare%20and%20test%20moving%20more%20devices%20into%20Intune%20we%20have%20been%20would%20like%20to%20test%20Conditional%20Access%20of%20course.%20Unfortunately%20myself%20and%20another%20colleague%20(Intune%20Administrators)%20are%20presented%20with%20an%20access%20denied%20msg%20when%20clicking%20on%20CA.%20Does%20a%20user%20have%20to%20be%20a%20Global%20Admin%20to%20configure%20CA%20policies%3F%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-332091%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-332121%22%20slang%3D%22en-US%22%3ERe%3A%20Condition%20Access%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332121%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EAs%20Conditonal%20Access%20is%20an%20Azure%20AD%20Service%20you%20need%20a%20RBAC%20role%20in%20AzureAD%20to%20be%20able%20to%20manages%20Conditonal%20Access%20settings%2C%20%22%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%23conditional-access-administrator%22%20data-linktype%3D%22self-bookmark%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EConditional%20Access%20Administrator%3C%2FA%3E%3C%2FSTRONG%3E%3CSPAN%3E%3A%20Users%20with%20this%20role%20have%20the%20ability%20to%20manage%20Azure%20Active%20Directory%20conditional%20access%20settings.%22%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EWith%20that%20in%20place%20you%20should%20be%20able%20to%20manage%20CA%20rules.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ERegards%2CJ%C3%B6rgen%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Quinn Wade
Occasional Contributor
Quick question. Hoping this is a simple answer. As begin to prepare and test moving more devices into Intune we have been would like to test Conditional Access of course. Unfortunately myself and another colleague (Intune Administrators) are presented with an access denied msg when clicking on CA. Does a user have to be a Global Admin to configure CA policies?
1 Reply
Solution

Hi,

As Conditonal Access is an Azure AD Service you need a RBAC role in AzureAD to be able to manages Conditonal Access settings, "Conditional Access Administrator: Users with this role have the ability to manage Azure Active Directory conditional access settings."

With that in place you should be able to manage CA rules.

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-ro...

Regards,
Jörgen

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
22 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
description for autoplay blocking in settings page
HotCakeX in Discussions on
8 Replies