@cjitsolutions  Hi Chris, I have a very simple policy in place that marks the device as non-compliant if the OS is below a certain level.

I have tested this on iOS and Android and the devices are marked as non-compliant in InTune, from there i have logged into Azure and created a conditional access policy which looks for any device that is marked as non-compliant and blocks it. From my understanding this should stop the device from getting email etc but the apps still work fine.

Im very confused as to what ive done wrong?

@nate009Hi Nate,

You may not have done anything wrong! 

My understanding is that you need to define within the policy, what resources will be blocked when the policy is triggered:

https://docs.microsoft.com/en-us/intune/create-conditional-access-intune

So have you specified that the o365 applications you want to block within the conditional access policy you have configured?

Cheers,

Chris Jacob

@cjitsolutions Hi Chris, I have specified that. I just chose outlook and sharepoint as a test but they are still working?

@nate009 

And I'm assuming you have set the 'Grant' option, to 'Block access' with the 'Require device to be marked as compliant' box checked.

Also, have you set the policy to 'On' as by default it is 'Off' i believe.

Cheers,

Chris Jacob