Conditional Access not working with specified parameters


We are trying to restrict access to O365 and any use of the O365 apps on a personal macOS device, even if it's enrolled with Intune. This means that only macOS devices with Corporate ownership are allowed.

However, whenever I try to test it on a personally owned macOS that is enrolled in Intune, I am able to access it still even if the conditional access action is set to Block.

This is what I have for the conditional access policy, but it's not working. Maybe I am misunderstanding something or I am missing something?




1 Reply

The operatingSystem value isn't right, it must be a valid operating system there (device.operatingSystem -eq "valid operating system").


When using the above Block, exclude company devices. If using a Grant, exclude the personal devices.

You can also work with filters in Endpoint Manager/Intune under Tenant administration - Filters and use those in a compliance policy, which in turn CA can check when configured.
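
The Block-with-exclusion layout described in the reply, as an added example that is not part of the original thread: it uses the Microsoft Graph PowerShell SDK, scopes the policy to macOS through the platform condition rather than a `device.operatingSystem` clause, and excludes corporate-owned devices with a device filter. The display name, the report-only state and the break-glass placeholder are assumptions.

```powershell
# Added example, not from the original thread.
# Requires the Microsoft.Graph PowerShell SDK and an account allowed to manage Conditional Access.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

$policy = @{
    # Hypothetical display name
    displayName = "Block O365 on non-corporate macOS (example)"

    # Assumption: start in report-only so the sign-in logs show which devices
    # would be blocked before the policy is enforced.
    state = "enabledForReportingButNotEnforced"

    conditions = @{
        users = @{
            includeUsers = @("All")
            # Placeholder: object ID of an emergency-access account to keep out of scope
            excludeUsers = @("<break-glass-account-object-id>")
        }
        applications = @{
            includeApplications = @("Office365")
        }
        platforms = @{
            # OS scoping via the platform condition
            includePlatforms = @("macOS")
        }
        devices = @{
            deviceFilter = @{
                # Block policy: the filter EXCLUDES company-owned devices, so every
                # other macOS device (personal or unknown ownership) is blocked.
                mode = "exclude"
                rule = 'device.deviceOwnership -eq "Company"'
            }
        }
    }

    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

After a test sign-in from a personally owned, Intune-enrolled Mac, the Conditional Access tab of that sign-in log entry shows whether the policy applied and how the device filter evaluated.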