Forum Discussion
Kiril (Steel Contributor)
Nov 21, 2022
Conditional Access: Require "Azure AD joined"?
In the Grant access configuration I can require a device to be "Hybrid Azure AD joined". Can this option be used to require "Azure AD joined" for cloud only organizations?
If "Hybrid Azure AD joined" is including "Azure AD joined", how can I require a device to be "Azure AD joined" in a conditional access policy?
- Consider enrolling the devices in Intune and using "compliant device" as CA. A device can only be managed by one organization, and for a device to be compliant it has to be registered to your org and satisfy the compliance settings you specify. You can also set device restrictions to block enrollment by devices that aren't corporate owned.
- Kiril (Steel Contributor): Gotcha, thanks! So the "Hybrid Azure AD joined" should be ignored if the org is cloud-only, and the compliant device state should be used instead.
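The conclusion of this thread can be checked against a tenant's existing policies. The following is an added example, not part of the original posts: it audits Conditional Access policies in Microsoft Graph `conditionalAccessPolicy` JSON form and reports, for a cloud-only tenant, which ones depend on the Hybrid Azure AD joined control (`domainJoinedDevice`) and which ones actually require a compliant device (`compliantDevice`). It assumes the tenant has no hybrid joined devices and looks only at `builtInControls`; the sample policies and their names are constructed.

```python
import json

# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; the display names are made up for this example.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "A - hybrid only",
   "grantControls": {"operator": "OR", "builtInControls": ["domainJoinedDevice"]}},
  {"displayName": "B - compliant required",
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
  {"displayName": "C - compliant or hybrid",
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice", "domainJoinedDevice"]}},
  {"displayName": "D - compliant or MFA",
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice", "mfa"]}},
  {"displayName": "E - MFA and hybrid",
   "grantControls": {"operator": "AND", "builtInControls": ["mfa", "domainJoinedDevice"]}},
  {"displayName": "F - session only", "grantControls": null}
]
""")

HYBRID = "domainJoinedDevice"   # "Require Hybrid Azure AD joined device"
COMPLIANT = "compliantDevice"   # "Require device to be marked as compliant"

def classify(policy):
    """Classify one policy's grant controls for a cloud-only tenant."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    require_all = grant.get("operator", "OR").upper() == "AND"
    if require_all:
        # Every control must pass; the hybrid control never can (assumption:
        # the tenant has no hybrid joined devices).
        if HYBRID in controls:
            return "unsatisfiable"
        return "requires_compliant" if COMPLIANT in controls else "no_device_requirement"
    # OR: drop the control no device can meet, then see what is left.
    usable = [c for c in controls if c != HYBRID]
    if controls and not usable:
        return "unsatisfiable"
    if usable and all(c == COMPLIANT for c in usable):
        return "requires_compliant"
    return "compliant_optional" if COMPLIANT in usable else "no_device_requirement"

def audit(policies):
    """Map each policy's display name to its classification."""
    return {p["displayName"]: classify(p) for p in policies}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_EXPORT).items():
        print(f"{verdict:22} {name}")
```

Policies reported as `unsatisfiable` deny every sign-in in scope for a cloud-only tenant, and `compliant_optional` ones can be passed without a managed device.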