Dear,

We want to use conditional access for remote workers with always on VPN.

The scenario we want to achieve is the following:

- User device tries to make an always on VPN connection to RRAS.

- RRAS or NPS has to check the device health status in Intune.

- Conditional access policy is applied so if the device is healthy (for example) the user gains access to corporate resources.

Which Azure AD licenses do we need for this? Azure AD P1 or Azure AD P2?

It's not completely clear for me, some documentation states that CA for 'apps' is only available with P2.

I don't know if this scenario is considered as an "app".

Can someone please clarify this for me?

Kind Regards,

Pieter