SOLVED

Restrict Access to EAS with MAM+CA

%3CLINGO-SUB%20id%3D%22lingo-sub-176559%22%20slang%3D%22en-US%22%3ERestrict%20Access%20to%20EAS%20with%20MAM%2BCA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176559%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%20does%20anyone%20have%20an%20example%20policy%20for%20this%20scenario%20that%20we%20could%20look%20over%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-176559%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-176673%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Access%20to%20EAS%20with%20MAM%2BCA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176673%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20Oliver!%20The%20documentation%20I%20was%20finding%20with%20my%20Google%20searches%20were%20all%20pointing%20towards%20the%20old%20portal%20and%20setting%20things%20up%20in%20there%2C%20and%20then%20the%20settings%20did%20not%20match%20the%20new%20portal.%20this%20seems%20right%20on%20par%20with%20what%20I%20was%20looking%20for.%20I%20will%20give%20it%20a%20shot.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-176645%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Access%20to%20EAS%20with%20MAM%2BCA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176645%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Robert%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20think%20you%20should%20have%20a%20look%20at%20the%20documentation%20from%20Microsoft%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-conditional-access-mam%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-conditional-access-mam%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EIt%20defines%20scenarios%20and%20the%20corresponding%20settings%20for%20MAM%20%2B%20CA.%20I%20think%20you%20will%20find%20everything%20in%20there%20what%20is%20needed%20to%20accomplish%20your%20described%20goal.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ebest%2C%3C%2FP%3E%0A%3CP%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-176566%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Access%20to%20EAS%20with%20MAM%2BCA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176566%22%20slang%3D%22en-US%22%3E%3CP%3ESpecifically%2C%20we%20would%20like%20mobile%20devices%20to%20be%20restricted%20from%20EAS%20unless%20they%20are%20enrolled%20in%20Intune%2C%20with%20a%20group%20of%20excepted%20VIPS.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Super Contributor

Hello, does anyone have an example policy for this scenario that we could look over?

3 Replies

Specifically, we would like mobile devices to be restricted from EAS unless they are enrolled in Intune, with a group of excepted VIPS.

Best Response confirmed by Robert Woods (Super Contributor)
Solution

Hi Robert,

 

I think you should have a look at the documentation from Microsoft here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-mam

It defines scenarios and the corresponding settings for MAM + CA. I think you will find everything in there what is needed to accomplish your described goal.

 

best,

Oliver

Thank you Oliver! The documentation I was finding with my Google searches were all pointing towards the old portal and setting things up in there, and then the settings did not match the new portal. this seems right on par with what I was looking for. I will give it a shot.