Conditional access is a combination of policies and configurations from the products and services that are part of Enterprise Mobility + Security (EMS). It allows IT pros to set granular access control to keep corporate data secure, while giving users a rich experience that allows them to do their best work from any device and from any location.
At Microsoft, to manage devices and control access to corporate resources, we use Intune and Azure Active Directory (AAD). From Intune, we deploy compliance policies and from AAD we enforce required conditions on required apps.
To configure standard policies on devices, we use device restriction policies to configure password requirements and other security policies. To validate the device compliance status, we have policies to validate device password status, OS version, and device health status. Conditional access is then enforced for Office 365 apps in AAD.
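As an added example (not from the original post and not Microsoft's own tooling), the following Python check audits a conditional access policy in the Microsoft Graph `conditionalAccessPolicy` JSON shape and confirms that it is enforced, targets Office 365, covers macOS, and requires a compliant device. The finding names and both sample policies are constructed for illustration.

```python
# Added example: audit a conditional access policy (Microsoft Graph
# conditionalAccessPolicy JSON shape) for the Mac scenario in this post.
# Finding names and both sample policies are constructed for illustration.

def audit_policy(policy):
    """Return the gaps that would let a non-compliant Mac reach Office 365."""
    findings = []
    if policy.get("state") != "enabled":  # report-only or disabled never blocks
        findings.append("not-enforced")
    cond = policy.get("conditions") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    if not {"Office365", "All"} & set(apps):
        findings.append("office365-not-targeted")
    platforms = cond.get("platforms")  # absent or null means every platform
    if platforms:
        inc = {p.lower() for p in platforms.get("includePlatforms") or []}
        exc = {p.lower() for p in platforms.get("excludePlatforms") or []}
        if "macos" in exc or not ({"macos", "all"} & inc):
            findings.append("macos-not-covered")
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "compliantDevice" not in controls:
        findings.append("compliance-not-required")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        # With OR, any other listed control satisfies the policy on its own.
        findings.append("compliance-optional")
    return findings

GOOD = {  # constructed: enforced, Office 365, macOS, compliant device required
    "displayName": "Require compliant Mac for Office 365",
    "state": "enabled",
    "conditions": {"applications": {"includeApplications": ["Office365"]},
                   "platforms": {"includePlatforms": ["macOS"]}},
    "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]},
}
WEAK = {  # constructed: report-only, macOS excluded, MFA alone is enough
    "displayName": "Office 365 baseline",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {"applications": {"includeApplications": ["Office365"]},
                   "platforms": {"includePlatforms": ["all"],
                                 "excludePlatforms": ["macOS"]}},
    "grantControls": {"operator": "OR",
                      "builtInControls": ["mfa", "compliantDevice"]},
}

if __name__ == "__main__":
    for p in (GOOD, WEAK):
        print(p["displayName"], "->", audit_policy(p) or "OK")
```
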
To access work email, the corporate wireless network, and internal apps, and to use VPN services, users need to enroll their devices in Microsoft Intune.
Or
https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp
Users need to approve the management profile by going to Apple menu > System Preferences and clicking Profiles.
Best practices to improve user experience on macOS
Hopefully this post has given you some ideas on how to implement conditional access on Mac devices and improve organizational security.