SOLVED
Home

Condition Access Question

%3CLINGO-SUB%20id%3D%22lingo-sub-332091%22%20slang%3D%22en-US%22%3ECondition%20Access%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332091%22%20slang%3D%22en-US%22%3EQuick%20question.%20Hoping%20this%20is%20a%20simple%20answer.%20As%20begin%20to%20prepare%20and%20test%20moving%20more%20devices%20into%20Intune%20we%20have%20been%20would%20like%20to%20test%20Conditional%20Access%20of%20course.%20Unfortunately%20myself%20and%20another%20colleague%20(Intune%20Administrators)%20are%20presented%20with%20an%20access%20denied%20msg%20when%20clicking%20on%20CA.%20Does%20a%20user%20have%20to%20be%20a%20Global%20Admin%20to%20configure%20CA%20policies%3F%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-332091%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-332121%22%20slang%3D%22en-US%22%3ERe%3A%20Condition%20Access%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332121%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EAs%20Conditonal%20Access%20is%20an%20Azure%20AD%20Service%20you%20need%20a%20RBAC%20role%20in%20AzureAD%20to%20be%20able%20to%20manages%20Conditonal%20Access%20settings%2C%20%22%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%23conditional-access-administrator%22%20data-linktype%3D%22self-bookmark%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EConditional%20Access%20Administrator%3C%2FA%3E%3C%2FSTRONG%3E%3CSPAN%3E%3A%20Users%20with%20this%20role%20have%20the%20ability%20to%20manage%20Azure%20Active%20Directory%20conditional%20access%20settings.%22%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EWith%20that%20in%20place%20you%20should%20be%20able%20to%20manage%20CA%20rules.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ERegards%2CJ%C3%B6rgen%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Quinn Wade
Occasional Contributor
Quick question. Hoping this is a simple answer. As begin to prepare and test moving more devices into Intune we have been would like to test Conditional Access of course. Unfortunately myself and another colleague (Intune Administrators) are presented with an access denied msg when clicking on CA. Does a user have to be a Global Admin to configure CA policies?
1 Reply
Solution

Hi,

As Conditonal Access is an Azure AD Service you need a RBAC role in AzureAD to be able to manages Conditonal Access settings, "Conditional Access Administrator: Users with this role have the ability to manage Azure Active Directory conditional access settings."

With that in place you should be able to manage CA rules.

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-ro...

Regards,
Jörgen

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies