Forum Discussion
Vineet Arora
Oct 06, 2017 Brass Contributor
Conditional Access Question
Hi, We have the following business requirement. Only the devices issued/approved by the IT department should be able to access SharePoint Online. How can we achieve this using conditional or compliance...
- Nov 01, 2017
Hi,
The following article should help you set this up. Also, in order for the 'Use App enforce restriction' session access control to work, you have to set your organization to 'First-Release' for everyone. This will then update the SharePoint admin center access control page to set controls for SharePoint Online access.
Hope this helps!
Vineet Arora
Oct 15, 2017 Brass Contributor
Hi,
Yes, we use EMS E3 (Intune and AD P1).
Can you please suggest how to make it work - Steps?
Ideally, we want to have a workflow like below.
- Have a policy in place that allows only Azure AD joined machines to access SharePoint Online.
- Only Admins can join machines to Azure AD.
Thanks,
Buddy Davies
Oct 17, 2017 Copper Contributor
If your machines are AAD joined or registered then you can create a conditional access policy that defines the Who-What-How and grants access for domain joined machines.
Who: What users do you want the policy to apply to or exclude
What: The services you wish for the policy to apply to
How: The method of accessing the service (app or web browser).
I hope that makes sense.
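
Added example, not part of the thread and not posted by any participant: the Who-What-How structure described above, written as a Conditional Access policy body for the Microsoft Graph PowerShell module. The display name and the excluded group ID are placeholders, and the policy is created in report-only mode so its effect can be reviewed in the sign-in logs before it is enforced.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed and the
# signed-in admin may manage Conditional Access. Placeholder values are marked.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    # Placeholder name chosen for this example
    displayName = "EXAMPLE - SharePoint Online requires a managed device"

    # Report-only: evaluated and logged, not enforced, until switched to "enabled"
    state = "enabledForReportingButNotEnforced"

    conditions = @{
        # Who: every user, minus an emergency-access group (placeholder object ID)
        users = @{
            includeUsers  = @("All")
            excludeGroups = @("<emergency-access-group-object-id>")
        }
        # What: Office 365 SharePoint Online (well-known application ID)
        applications = @{
            includeApplications = @("00000003-0000-0ff1-ce00-000000000000")
        }
        # How: web browsers and desktop/mobile client apps
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }

    grantControls = @{
        # OR: either control is sufficient to grant access
        operator = "OR"
        builtInControls = @(
            "compliantDevice",     # device is enrolled and marked compliant (Intune)
            "domainJoinedDevice"   # device is hybrid Azure AD joined (on-prem AD + Azure AD)
        )
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Dropping `domainJoinedDevice` from `builtInControls` leaves device compliance as the only accepted proof of a managed device, which fits environments where machines are Azure AD joined without an on-premises domain.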
- Vineet Arora Oct 18, 2017 Brass Contributor
Hi,
Thanks for your reply.
The "Require domain joined" setting doesn't work. It seems it applies to on-prem domain joined only.
I am trying to use the compliance condition. However, I don't want users to auto enroll. Only admins should be able to enroll.
Thanks.