Sep 21 2024 03:22 AM
Hi Intune community,
I want users in my organization to access their mailbox using only their own device.
* Users should not be able to log in to email from any other device.
Is it possible? If yes, what are the steps included?
Sep 22 2024 02:39 AM
Hi @mihir0811 .
It's not possible to achieve this ONLY by conditional access policies.
1) You have to deploy Windows Hello for Business.
2) You have to configure Microsoft Edge/Google Chrome to enforce SSO.
3) You should prohibit Anonymous mode in browser.
4) You have to create an authentication strength which allows only WHfB and TAP. (TAP will be used ONLY for WHfB registration)
5) You have to deploy a CA policy which allows access from Windows devices ONLY with the newly created authentication strength.
6) You should enable passwordless experience.
All users will be forced to register WHfB and will not be able to log in with other types of authentication except temporary password authentication.
Regards
Jan
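
Steps 4 and 5 of the answer above could be scripted through Microsoft Graph as shown here. This is an added example, not part of Jan's reply; the display names, the `$pilotGroupId` placeholder, the `Office365` application target and the report-only state are assumptions.

```powershell
# Added example. Requires the Microsoft.Graph.Authentication module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of the Entra ID group the policy is scoped to.
$pilotGroupId = '<pilot-group-object-id>'

# Step 4: authentication strength that accepts only WHfB and a one-time TAP.
$strengthBody = @{
    displayName         = 'WHfB and TAP only'   # constructed name
    description         = 'Windows Hello for Business; TAP for WHfB registration'
    allowedCombinations = @('windowsHelloForBusiness', 'temporaryAccessPassOneTime')
}
$strengthRequest = @{
    Method      = 'POST'
    Uri         = 'https://graph.microsoft.com/v1.0/policies/authenticationStrengthPolicies'
    Body        = $strengthBody | ConvertTo-Json -Depth 5
    ContentType = 'application/json'
}
$strength = Invoke-MgGraphRequest @strengthRequest

# Step 5: CA policy that requires that strength for sign-ins from Windows.
# It applies only to the Windows platform; other platforms are out of its scope.
$policyBody = @{
    displayName   = 'Windows - require WHfB strength for Office 365'   # constructed name
    state         = 'enabledForReportingButNotEnforced'                # report-only
    conditions    = @{
        users          = @{ includeGroups = @($pilotGroupId) }
        applications   = @{ includeApplications = @('Office365') }     # includes Exchange Online
        platforms      = @{ includePlatforms = @('windows') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator               = 'OR'
        builtInControls        = @()
        authenticationStrength = @{ id = $strength.id }
    }
}
$policyRequest = @{
    Method      = 'POST'
    Uri         = 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies'
    Body        = $policyBody | ConvertTo-Json -Depth 10
    ContentType = 'application/json'
}
$policy = Invoke-MgGraphRequest @policyRequest

"Authentication strength: $($strength.id)"
"Conditional Access policy: $($policy.id)"
```

The policy is created in report-only state; check its effect in the sign-in logs before changing `state` to `enabled`.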