SOLVED

Condition Access Question

Brass Contributor
Quick question. Hoping this is a simple answer. As begin to prepare and test moving more devices into Intune we have been would like to test Conditional Access of course. Unfortunately myself and another colleague (Intune Administrators) are presented with an access denied msg when clicking on CA. Does a user have to be a Global Admin to configure CA policies?
1 Reply
best response confirmed by JanKetil (MVP)
Solution

Hi,

As Conditonal Access is an Azure AD Service you need a RBAC role in AzureAD to be able to manages Conditonal Access settings, "Conditional Access Administrator: Users with this role have the ability to manage Azure Active Directory conditional access settings."

With that in place you should be able to manage CA rules.

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-ro...

Regards,
Jörgen

1 best response

Accepted Solutions
best response confirmed by JanKetil (MVP)
Solution

Hi,

As Conditonal Access is an Azure AD Service you need a RBAC role in AzureAD to be able to manages Conditonal Access settings, "Conditional Access Administrator: Users with this role have the ability to manage Azure Active Directory conditional access settings."

With that in place you should be able to manage CA rules.

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-ro...

Regards,
Jörgen

View solution in original post