Conditional Access not working with specified parameters


We are trying to restrict access to O365 and any use of the O365 apps on a personal macOS device, even if it's enrolled with Intune. This means that only macOS devices with Corporate ownership are allowed.

However, whenever I try to test it on a personally owned macOS that is enrolled in Intune, I am still able to access it, even though the conditional access action is set to Block.

This is what I have for the conditional access policy, but it's not working. Maybe I am misunderstanding something, or I am missing something?

[Seven screenshots of the Conditional Access policy configuration, not reproduced here]

1 Reply

The operatingSystem value isn't right; it must be a valid operating system there (device.operatingSystem -eq "valid operating system").

When using the above Block, exclude company devices. If using a Grant, exclude the personal devices.

You can also work with filters in Endpoint Manager/Intune under Tenant administration > Filters and use those in a compliance policy, which in turn CA can check when configured.
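As an added example (not part of the original thread and not Microsoft's code), the script below builds the Microsoft Graph request body for a Conditional Access policy that blocks Office 365 on macOS devices unless they are company-owned, and includes a small simulator for the filter-for-devices rule language so the two ways of writing the rule can be compared before anything is enforced. It assumes that "macOS" is the operatingSystem value and "Company" the deviceOwnership value on the tenant's device objects (check them in the device properties), and the simulator covers only flat rules joined by -and or -or with the -eq, -ne, -startsWith and -contains operators. The sample devices are constructed for the demonstration. Note in the results that a Block policy whose filter excludes corporate devices also reaches devices that have no attributes at all (unregistered), whereas an include-mode rule that names personal devices does not, which is one reason the reply above suggests excluding the company devices rather than naming the personal ones. How the real service treats missing attributes is an assumption here; confirm it in report-only mode via the sign-in logs.

```python
"""Conditional Access device-filter policy builder plus a rule simulator (added example)."""
import json
import re

GRAPH_CA_POLICIES = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

# Rules use the filter-for-devices syntax. The attribute values "macOS" and
# "Company" are assumptions; verify them on your tenant's device objects.
PERSONAL_MAC = 'device.operatingSystem -eq "macOS" -and device.deviceOwnership -ne "Company"'
CORPORATE_MAC = 'device.operatingSystem -eq "macOS" -and device.deviceOwnership -eq "Company"'

_CLAUSE = re.compile(r'device\.(\w+)\s+-(eq|ne|startsWith|contains)\s+"([^"]*)"')


def policy_body(name, filter_mode, rule, control="block",
                state="enabledForReportingButNotEnforced"):
    """JSON body for POST GRAPH_CA_POLICIES. Defaults to report-only so the
    sign-in logs show who would be blocked before the policy is enforced."""
    return {
        "displayName": name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["Office365"]},
            "platforms": {"includePlatforms": ["macOS"]},
            "devices": {"deviceFilter": {"mode": filter_mode, "rule": rule}},
        },
        "grantControls": {"operator": "OR", "builtInControls": [control]},
    }


def parse_rule(rule):
    """Parse the subset 'clause (-and|-or clause)*' with no parentheses.
    Returns (joiner, [(attribute, operator, value), ...]); raises on junk
    such as an unquoted value, which the portal would also reject."""
    parts = re.split(r"\s+-(and|or)\s+", rule)
    clauses, joins = parts[0::2], parts[1::2]
    if len(set(joins)) > 1:
        raise ValueError("mixed -and/-or without parentheses is not handled here")
    parsed = []
    for clause in clauses:
        m = _CLAUSE.fullmatch(clause.strip())
        if not m:
            raise ValueError(f"unparseable clause: {clause!r}")
        parsed.append(m.groups())
    return (joins[0] if joins else "and"), parsed


def rule_matches(rule, device):
    """Evaluate a rule against a dict of device attributes. A missing attribute
    (including an unregistered device, i.e. an empty dict) yields None, which
    -eq treats as false and -ne as true. That is a simulator assumption."""
    joiner, clauses = parse_rule(rule)
    results = []
    for attr, op, value in clauses:
        actual = device.get(attr)
        if op == "eq":
            results.append(actual == value)
        elif op == "ne":
            results.append(actual != value)
        elif op == "startsWith":
            results.append(actual is not None and actual.startswith(value))
        else:  # contains
            results.append(actual is not None and value in actual)
    return all(results) if joiner == "and" else any(results)


def policy_applies(policy, device):
    """True if the device filter (only the filter; users, apps and platform
    conditions are not simulated) lets the policy hit this device."""
    f = policy["conditions"]["devices"]["deviceFilter"]
    hit = rule_matches(f["rule"], device)
    return hit if f["mode"] == "include" else not hit


# Constructed sample devices: a corporate Mac, an Intune-enrolled personal Mac,
# and a Mac that is not registered at all (no device attributes available).
DEVICES = {
    "corp-mac": {"operatingSystem": "macOS", "deviceOwnership": "Company"},
    "byod-mac-enrolled": {"operatingSystem": "macOS", "deviceOwnership": "Personal"},
    "unregistered-mac": {},
}

if __name__ == "__main__":
    block_personal = policy_body("Block personal macOS - O365", "include", PERSONAL_MAC)
    block_non_corp = policy_body("Block non-corporate macOS - O365", "exclude", CORPORATE_MAC)
    for policy in (block_personal, block_non_corp):
        print(policy["displayName"], {n: policy_applies(policy, d) for n, d in DEVICES.items()})
    print(json.dumps(block_non_corp, indent=2))
```

The printed body can be posted to the Graph endpoint with Policy.ReadWrite.ConditionalAccess permission; leave it in report-only state until the sign-in logs confirm the personal Mac is evaluated as "would block" and the corporate Mac is not.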