I'm quite new to using Intune. I was trying to figure out if there was a way that I could create a conditional access policy which would allow a device that has been enrolled to access Office Online applications (Word Online, Excel, etc.)?
At the moment the organisation has a conditional access policy that prevents users from outside the organisation from accessing desktop versions of the applications, such as Outlook, unless I add them to the exclusion list.
The same goes for mobile access, users added to the excluded list/group will be able to have office applications on their mobile devices.
I would like a conditional access policy for enrolled Windows devices (laptops/PCs) so that they are able to access Office Online applications only. Is this possible, and what would be the best way to go about it?
I forgot to mention, the device should be able to access the applications from any location.
@Dwayne05 It all depends on how you have configured the existing CA policies.
If the user/device falls into another CA policy that blocks online apps (or all apps), then you will first need to update that CA policy to exclude these users/devices. You can then create a new policy that does a Grant access if the user/device meets your criteria.
A sample CA policy will be the one below.
Users: All users
App: (Select all O365 Online apps)
Condition: Is Compliant
Location: Exclude Trusted network
Access: Grant Access
Once you have this policy, any user that doesn't have a compliant (enrolled) device will not be able to access Office 365 online apps.
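
The sample policy from the reply above, written as a Microsoft Graph request through the Microsoft Graph PowerShell SDK. This is an added example, not part of the original thread; the display name, the browser-only client app type and the report-only state are assumptions, and "Is Compliant" is mapped to the "require compliant device" grant control.

```powershell
# Added example: creates the sample policy in report-only mode so its effect
# can be reviewed in the sign-in logs before it is enforced.
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    # Constructed display name (assumption, pick your own naming convention)
    displayName = 'EXAMPLE - Office 365 online apps require compliant device'
    # Report-only: evaluated and logged, not enforced (assumption for safe rollout)
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')            # Users: All users
        }
        applications = @{
            includeApplications = @('Office365')  # App: the Office 365 app group
        }
        # Assumption: "online apps" is taken to mean browser sessions only
        clientAppTypes = @('browser')
        locations = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted') # Location: Exclude Trusted network
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice') # Grant access if device is compliant
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm what was stored
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State, Id
```

Switching `state` to `enabled` enforces the policy once the report-only results look right.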