Forum Discussion
Azure AD Conditional Access - Require Domain Joined Device
- Jul 18, 2017
Correct, that would be on-prem AD domain-join.
Why it's confusing is because it's possible to have on-prem AD domain-joined PCs automatically register and enroll with Azure AD.
- Joe Stocker, Jul 18, 2017, Bronze Contributor
So if a machine is not joined to on-prem AD and it is only joined to Azure AD, you're saying conditional access won't work? Why doesn't the documentation list the requirement of being on-prem AD joined?
- Bill Hughes, Jul 18, 2017, Copper Contributor
Azure AD joined machines will work with conditional access. You will just need to use the value of "Require device to be marked as compliant". This requires the device to be managed through Intune, however, and does not allow you to use only Azure AD joined machines that are not managed.
- Vineet Arora, Oct 06, 2017, Brass Contributor
Hi,
Can you please elaborate further?
We have the following requirement.
Only the devices issued by the IT department should be able to access SharePoint Online. How can I achieve this using conditional or compliance policies?
We don't have on prem AD.
Thanks,
- Joe Stocker, Jul 22, 2017, Bronze Contributor
Loryan Strant I just finished creating a lab to test this all out and while I was able to get Windows 7 to work with the conditional access setting "require domain joined device", I could not get it to work with Windows 10 which ironically should have been easier. Can you review my blog and let me know what I am missing? http://www.thecloudtechnologist.com/azure-ad-premium-conditional-access-for-domain-joined-machines/