Limit user login only from domain joined or compliant pc

Brass Contributor

Dear All, 


is there anyway we to limit user access mailbox only from domain joined pc, not allowed to login via personal or public pc. 


for owa we can certainly use ADFS to setup rules, is there any possibility on outlook client either using hma, adfs, or conditional access. 


Our environment is exchange 2019 hybrid 

8 Replies



May I know in CA under target resources, there is no exchange server, if exchange online covering on premise mailboxes as well ? 



thank you. 





The condition you've selected applies only to cloud app (those that integrate with Azure AD). To get CA policies to work with Exchange Server, you should implement HMA:



Thank your for quick respond. Our environment HMA already in position by following this kb, but still no luck using CA. 


what else would need to setup for CA to control mailbox hosted on exchange server. 


Are the devices Intune managed?



Not at this time, only couple pc managed by Intune, most all of them are SCCM managed. May I know CA only applicable to those managed by Intune?  

If the idea is to restrict access based on the device compliance, Intune is a requirement. Otherwise, you should be able to use other conditions.
Got it, thank you for your input and we have the ideas to move on this path.