Microsoft

Microsoft Intune Feedback

How can we improve Microsoft Intune?

Device ownership a condition of conditional access

The potential to place a device into a quarantine before permission is granted to access any corporate resource. Many of my customers wish to use Intune and have a mobility strategy but wish to restrict access to corporate devices only.

Perhaps one way to achieve this is to make it a condition for conditional access scenarios that the device is 'corporate', which could be extended to Azure AD conditional access too. This may give the opportunity to have different access policies depending on the application or service being granted access to.

56 votes
Tim Siddle shared this idea

1 comment

  • Christian commented

    For a cloud-only environment, this is essential to prevent personal devices accessing company resources where device compliance of company devices is not so important.

    It could work just like the require Hybrid-Joined Device control but for Azure AD Joined devices only.

    Alternatively, you could allow CA policies to apply to device groups, and blocking personal devices could be achieved through deploying a CA policy to a dynamic device group containing only personal devices. This would ensure that company devices of cloud-only environments can always access the necessary resources.
