O365 conditional access based on endpoint security posture

%3CLINGO-SUB%20id%3D%22lingo-sub-1260217%22%20slang%3D%22en-US%22%3EO365%20conditional%20access%20based%20on%20endpoint%20security%20posture%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1260217%22%20slang%3D%22en-US%22%3E%3CP%3EGuidance%20requested.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20the%20O365%20content%20access%20be%20allowed%20(read%20vs%20read%2Bwrite)%20based%20on%20endpoint%20security%20posture%20(encrypted%20with%20bitlocker%20vs%20non-encrypted%20devices)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConsidering%20endpoint%20devices%20are%20enrolled%20to%20Azure%20AD.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1260217%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1270826%22%20slang%3D%22en-US%22%3ERe%3A%20O365%20conditional%20access%20based%20on%20endpoint%20security%20posture%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1270826%22%20slang%3D%22en-US%22%3EWith%20MCAS%20and%2For%20Conditional%20Access%20session%20policies%20against%20compliance%20(encryption)%2C%20you%20could%20get%20some%20DLP%20to%20prohibit%20downloads%2C%20but%20I%20don't%20believe%20you%20can%20change%20permission%20levels.%20Would%20welcome%20others%20to%20advise%20otherwise%2C%20though%2C%20and%20if%20not%3B%20would%20be%20good%20feedback%20for%20the%20product%20team.%3CBR%20%2F%3E%3CBR%20%2F%3EOut%20of%20curiosity%2C%20what's%20the%20business%20case%20here%20-%20why%20does%20encryption%20state%20change%20your%20position%20on%20editing%20files%3F%3C%2FLINGO-BODY%3E
Highlighted
Frequent Visitor

Guidance requested.

 

Can the O365 content access be allowed (read vs read+write) based on endpoint security posture (encrypted with bitlocker vs non-encrypted devices)?

 

Considering endpoint devices are enrolled to Azure AD.

1 Reply
Highlighted
With MCAS and/or Conditional Access session policies against compliance (encryption), you could get some DLP to prohibit downloads, but I don't believe you can change permission levels. Would welcome others to advise otherwise, though, and if not; would be good feedback for the product team.

Out of curiosity, what's the business case here - why does encryption state change your position on editing files?