O365 conditional access based on endpoint security posture


Guidance requested.


Can O365 content access be allowed (read vs read+write) based on endpoint security posture (devices encrypted with BitLocker vs non-encrypted devices)?


Considering endpoint devices are enrolled in Azure AD.

1 Reply
With MCAS and/or Conditional Access session policies against compliance (encryption), you could get some DLP to prohibit downloads, but I don't believe you can change permission levels. Would welcome others to advise otherwise, though, and if not, it would be good feedback for the product team.

Out of curiosity, what's the business case here - why does encryption state change your position on editing files?
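
The session-policy approach described in the reply, sketched as an added example that is not part of the original thread: a Conditional Access policy that applies the MCAS "block downloads" session control to Office 365 sign-ins from devices that are not marked compliant. It assumes the Microsoft.Graph PowerShell SDK, an Intune compliance policy that marks unencrypted devices non-compliant, and a pilot group whose object ID replaces the placeholder.

```powershell
# Added example, not from the thread. Assumptions: Microsoft.Graph PowerShell SDK is
# installed, and an Intune compliance policy already marks devices without disk
# encryption as non-compliant. The group ID below is a placeholder.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

$policy = @{
    displayName = 'EXAMPLE - O365 block downloads on non-compliant devices'
    # Report-only: the policy is evaluated and logged but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('Office365') }
        users          = @{ includeGroups = @('<pilot-group-object-id>') }
        devices        = @{
            # Compliant devices are excluded, so the session control only
            # reaches sign-ins from devices that fail compliance.
            deviceFilter = @{
                mode = 'exclude'
                rule = 'device.isCompliant -eq True'
            }
        }
    }
    # No grant control: access is still allowed, but the session is routed
    # through the cloud app security proxy with downloads blocked.
    sessionControls = @{
        cloudAppSecurity = @{
            isEnabled            = $true
            cloudAppSecurityType = 'blockDownloads'
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Leaving the policy in report-only state lets you check the sign-in logs for which sessions it would have matched before changing `state` to `enabled`.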