That's a wrap: Conditional Access AMA - July 15, 2020
Thank you for joining us and voicing your questions and feedback during this fun and action-packed hour.If we didn't get to your question during today's event, don't worry. We will work to provide answers throughout the day and rest of this week. We will put together a summary of what was covered duringtoday's AMA and share it in this group later this week. Our next Microsoft Endpoint Manager AMA will be on Tuesday, August 11 th and we'll have experts standing by to answer any questions you may have about managing iOS and macOS devices with Microsoft Endpoint Manager. Save the date! Please note that you won't be able to ask new questions in this space until our next live Microsoft Endpoint Manager AMA event. For more information and help with Conditional Access, please see the following resources: Provide feedback on features and capabilities in either the Azure AD User Voice channel orMicrosoft Intune UserVoice channel. To learn more about Conditional Access, see ourtechnical documentation. For help and support, see Azure support. See you next time!
WIP without Enrollment CA Policy
Is there any plans in place to extend the "Require App Protection Policy" CA to include Windows as a device platform to assist with WIP without enrollment. As WIP policies are now configured in MEM APP section, it makes sense to me for this to be possible. We have come across scenario recently where there appears to be a security loophole if you AAD register more than one account (I understand WIP is not supported on multiple identity per device) but it appears you can access the 2nd account, OneDrive for example without any WIP restrictions. Not ideal for data security. I thought the above changes to CA would mitigate this and potentially other scenarios as the second AAD register would not have an APP applied and wouldn't grant access. Happy to hear some thoughts? Thanks in advanceWelcome to the Conditional Access AMA
To submit a question, click "Start a new conversation" here in theMicrosoft Endpoint Manager AMA space--and do this for each new question.This will enable us to easily identify and answer your questions. If you want to keep an eye on the questions being asked by your peers, simply stay on theMicrosoft Endpoint Manager AMA space--and refresh the page from time to time. Ask us your tough questions, your detailed questions, your simple questions--or, share your feedback (your experience to date, features you'd like to see, etc.). After the event, we will make a summary of this AMA and post it to the group. Let's get started! Please introduce yourself as a reply below!
