Windows Information Protection

Regular Contributor

We have implemented a MAM solution using Intune for mobile devices (iOS and Android) but now want some kind of solution for Windows (laptop/ desktop not mobile) devices. I know I can setup a Windows Information Policy (without enrollment) as described here:

But this doesn`t block Windows devices from accessing my cloud apps when those apps are not managed. I need to use some conditional access policy for that, but can somebody point me in the right direction (article) of the correct settings for such a CA policy?


4 Replies



What version of Windows you are running? Did you look at Intune conditional access for domain-joined machines?

@Riaz Javed ButtHi Riaz,


We are in the process of a migration to Windows 10. We want to allow our users to access our data with their own device, but only when WIP is applied (so only allow Windows 10 with Creators Update). So we want to block all other Windows devices when the WIP policy is not applied. But because these are personal owned devices we cannot use a condition of domain-joined or compliant (because we cannot do MDM).

Hi Peter.

I have the same scenario.

Intune App Protection works on Android and iOS but WIP does not apply on Windows 10 computer with or without enrollment.

I also want to prevent upload and download files to and from sharepoint online when you are working from a Windows 10 computer which is not in the domain.

Have you found a solution?

Hi Morten,



No, I haven`t found a solution for this.
Must say haven`t spend much time on this subject last months because of other projects.