Forum Discussion

RauschNauti's avatar
RauschNauti
Copper Contributor
Sep 07, 2020

Block Access from private Devices to Microsoft Apps.

Hello, i got a question: We are planning to Buy Microsoft 365 Business Premium and Microsoft 365 Business Standard + Intune Device License. My problem is that our Company doesn´t want to have Acce...
Conditional Access
microsoft 365
microsoft intune
olastrom's avatar
olastrom
Brass Contributor
Sep 21, 2020

Hi RauschNauti,

As mentioned in this thread, the easiest way to block access is to use Conditional Access. Set a rule for Office 365 and set the grant condition to "require the device to be marked as compliant", an un-managed device will never be compliant. 

If you want to ensure that your users are only using approved apps, consider adding the "Require approved client app" to your grant policy as well (only applies to iOS and Android).

Think this link has already been shared, but I'll add it anyways. Conditional Access require managed device - Azure Active Directory | Microsoft Docs

 

This goes without saying, but test on a small scale before deploying company-wide. 🙂

 

You will need Azure Active Directory Premium P1 or P2 to use Conditional Access.

Resources