Intune conditionnal access

Intune conditionnal access

Intune conditionnal access

Office 365 conditionnal access

If you have a subscription intune and office 365, it is possible to configure the conditional access. This feature allows to control access to the boxes mail Office 365. Only devices enrolles in Microsoft Intune and respecting security defined constraints will have access to their mailbox Microsoft Office 365.

It is possible to proceed with the implementation of conditional access for Outlook or other applications that use modern authentification.

For use this functionnality, you need use this Platform

  • Android 4.0 and later, Samsung Knox Standard 4.0 and later
  • iOS 7.1 and later
  • Windows Phone 8.1 and later

It is also possible to proceed to the restriction of access for people going to their mailboxes through OWA. Access will only be allowed from only supported browsers on compliant devices:

  • Safari (iOS)
  • Chrome (Android)
  • Managed Browser (iOS and Android)

All unsupported browser will be blocked.

Activate and configure Conditionnal access

As a first step, it is necessary to access the console Intune ( In the console, click strategy compliance strategy. Click Add to add a new one.

Compliance Policy for conditionnal access

Configure the policy as desired. The equipment must meet these parameters to be “compliant”.

Create conformity policy

Click reports and then click mobile inventory reports. This report will allow to visualize the inventory report and verify compliant or non-compliant devices. In the central panel, click view report.

Report for conditionnal access

The report presents an inventory of devices added to Intune. Compliance column indicates whether the device is compliant or not.

report conditionnal access

In the menu click strategy, strategy Exchange Online and then configure as desired the strategy of conditional access.

Create Policy for conditionnal access

Setting up an email profile was done on an iPhone. The latter is now compliant with the security settings.

Mail has been present on mailbox

Since the Intune console, it is possible to see the number of said non-compliant device.

Office 365 conditionnal access

The phone is now removed from Intune so that it is non-compliant. A few hours later access to messaging is not possible. The new mails will not be downloaded.

Device has not compliant

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.