App group level conditional access?

%3CLINGO-SUB%20id%3D%22lingo-sub-2268365%22%20slang%3D%22en-US%22%3EApp%20group%20level%20conditional%20access%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2268365%22%20slang%3D%22en-US%22%3E%3CP%3EConditional%20access%20policies%20for%20WVD%20at%20the%20enterprise%20app%20registration%20level%20(as%20in%20the%20MS%20docs)%20are%20fine%20...%20but%20are%20there%20any%20capabilities%20(existing%20or%20planned)%20for%20more%20granular%20access%20policies%20at%20the%20workspace%20or%20application%20group%20level%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20drastically%20different%20compliance%20requirements%20based%20on%20whether%20users%20are%20accessing%20specific%20remote%20resources%20through%20a%20personal%20device%20or%20a%20corporate%2Fmanaged%20asset%2C%20that%20doesn't%20really%20fit%20blanket%20WVD%20access%20restrictions%20at%20the%20enterprise%20app%20level.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20couple%20example%20use%20cases%20we'd%20be%20interested%20in%3A%3C%2FP%3E%3CP%3E*%20Only%20show%20some%20(not%20all)%20of%20a%20user's%20entitled%20RemoteApps%20%2F%20Remote%20Desktops%20if%20that%20user%20is%20accessing%20WVD%20from%20a%20non-Intune%20compliant%20device.%3C%2FP%3E%3CP%3E*%20Adjust%20host%20pool-level%20device%20%2F%20clipboard%20%2F%20printing%20redirection%20settings%20based%20on%20whether%20the%20MSRDC%20app%20is%20running%20on%20an%20Intune-compliant%20device%20or%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Conditional access policies for WVD at the enterprise app registration level (as in the MS docs) are fine ... but are there any capabilities (existing or planned) for more granular access policies at the workspace or application group level?

 

We have drastically different compliance requirements based on whether users are accessing specific remote resources through a personal device or a corporate/managed asset, that doesn't really fit blanket WVD access restrictions at the enterprise app level.

 

A couple example use cases we'd be interested in:

* Only show some (not all) of a user's entitled RemoteApps / Remote Desktops if that user is accessing WVD from a non-Intune compliant device.

* Adjust host pool-level device / clipboard / printing redirection settings based on whether the MSRDC app is running on an Intune-compliant device or not.

0 Replies