Compliant Intune device doesn't pass conditional access policy

Hey,

I'm having problems configuring conditional access for unmanaged and managed devices when accessing resources.

I'm using the prebuilt SharePoint CA rules (these show up in the CA portal when restricted access is activated in the SharePoint admin portal under the access control menu) and added the condition that these rules are not applied when a hybrid joined or compliant device tries to get access.

Unfortunately this doesn't work, whether I use a hybrid joined device or an Intune joined compliant device.

When I check the login logs in Azure AD I can see that the rules are applied and the fields (managed, compliant, connectiontype) under "device information" are empty, so it seems Azure AD can't access the device state from the device itself when resources are accessed from it.

Does anyone know this issue, can anyone reproduce it, or does anyone have any ideas what needs to be done?

Thanks and regards!

0 Replies