SOLVED
Home

Condition Access Question

%3CLINGO-SUB%20id%3D%22lingo-sub-332091%22%20slang%3D%22en-US%22%3ECondition%20Access%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332091%22%20slang%3D%22en-US%22%3EQuick%20question.%20Hoping%20this%20is%20a%20simple%20answer.%20As%20begin%20to%20prepare%20and%20test%20moving%20more%20devices%20into%20Intune%20we%20have%20been%20would%20like%20to%20test%20Conditional%20Access%20of%20course.%20Unfortunately%20myself%20and%20another%20colleague%20(Intune%20Administrators)%20are%20presented%20with%20an%20access%20denied%20msg%20when%20clicking%20on%20CA.%20Does%20a%20user%20have%20to%20be%20a%20Global%20Admin%20to%20configure%20CA%20policies%3F%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-332091%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-332121%22%20slang%3D%22en-US%22%3ERe%3A%20Condition%20Access%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332121%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EAs%20Conditonal%20Access%20is%20an%20Azure%20AD%20Service%20you%20need%20a%20RBAC%20role%20in%20AzureAD%20to%20be%20able%20to%20manages%20Conditonal%20Access%20settings%2C%20%22%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%23conditional-access-administrator%22%20data-linktype%3D%22self-bookmark%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EConditional%20Access%20Administrator%3C%2FA%3E%3C%2FSTRONG%3E%3CSPAN%3E%3A%20Users%20with%20this%20role%20have%20the%20ability%20to%20manage%20Azure%20Active%20Directory%20conditional%20access%20settings.%22%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EWith%20that%20in%20place%20you%20should%20be%20able%20to%20manage%20CA%20rules.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ERegards%2CJ%C3%B6rgen%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Quinn Wade
Occasional Contributor
Quick question. Hoping this is a simple answer. As begin to prepare and test moving more devices into Intune we have been would like to test Conditional Access of course. Unfortunately myself and another colleague (Intune Administrators) are presented with an access denied msg when clicking on CA. Does a user have to be a Global Admin to configure CA policies?
1 Reply
Solution

Hi,

As Conditonal Access is an Azure AD Service you need a RBAC role in AzureAD to be able to manages Conditonal Access settings, "Conditional Access Administrator: Users with this role have the ability to manage Azure Active Directory conditional access settings."

With that in place you should be able to manage CA rules.

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-ro...

Regards,
Jörgen

Related Conversations
Conditional Formatting Formulas
jfh117 in Excel on
11 Replies
Conditional policies in Azure AD vs. Intune
Robert Woods in Microsoft Intune on
14 Replies
conditional formatting based on formula description
duco gm mansvelder in Excel on
3 Replies
Device Compliance
Baljit Aujla in Microsoft Intune on
21 Replies