Conditional Access : require Devices to join Azure AD

Introduction

In this article we will see how to block the Purchasing group from accessing office.com with devices that are not registered in Azure AD.


Pioneers OBS

Before applying Conditional Access, we need to understand the Organization Breakdown Structure (OBS) of the company Pioneers.

[Image: Pioneers organization breakdown structure]

Company requirements

Company Pioneers has the following requirement:

  • Any user from the Purchasing department who signs in from a device that is not registered in Azure AD, on any platform, should be BLOCKED.

Azure AD Joined Devices

Azure AD join is primarily intended for organizations that do not have an on-premises Windows Server Active Directory infrastructure.

You can use it in the following cases:

  • You want to transition to cloud-based infrastructure using Azure AD and MDM like Intune.
  • You can’t use an on-premises domain join, for example, if you need to get mobile devices such as tablets and phones under control.
  • Your users primarily need to access Microsoft 365 or other SaaS apps integrated with Azure AD.
  • You want to manage a group of users in Azure AD instead of in Active Directory. This scenario can apply, for example, to seasonal workers, contractors, or students.
  • You want to provide joining capabilities to workers in remote branch offices with limited on-premises infrastructure.

Below are the devices joined to the Azure AD tenant pioneers101.onmicrosoft.com:

[Image: devices joined to Azure AD pioneers101.onmicrosoft.com]

Create Conditional Access Policy

Now it is time to create a policy that blocks the Purchasing department from accessing Office 365 from devices that are not registered in Azure AD.

Select Conditional Access >> Policies >> New policy, then:

  • Set the policy name and select the group Purchasing.
  • Select All cloud apps.
  • Under Conditions, include All devices but exclude devices joined to Azure AD.
  • Under Grant, require the device to be joined to Azure AD.
  • Enable the policy and create it.

Policy created successfully 🙂
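The same policy can be scripted, which makes it reviewable and repeatable. The following is an added example using the Microsoft Graph PowerShell SDK (not code from the original article); it assumes the group is named "Purchasing", that the current device filter condition stands in for the portal's older "device state" condition shown above, that the portal's "require device to be joined" grant maps to the Graph control `domainJoinedDevice`, and it creates the policy in report-only mode first so sign-in logs reveal who would be blocked before anything is enforced.

```powershell
# Added example (not from the article): create the Purchasing device policy via Microsoft Graph.
# Assumptions: group display name "Purchasing"; device filter used instead of the legacy
# "device state" condition; policy starts report-only and is enforced in a second step.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Group.Read.All"

# Resolve the Purchasing group to its object id (assumed display name)
$purchasing = Get-MgGroup -Filter "displayName eq 'Purchasing'"
if (-not $purchasing) { throw "Group 'Purchasing' not found" }

$policy = @{
    displayName   = "Purchasing - require Azure AD joined device"
    # Report-only first: evaluate and log, but do not block anyone yet
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeGroups = @($purchasing.Id) }
        applications = @{ includeApplications = @("All") }
        platforms    = @{ includePlatforms = @("all") }
        # Scope to every device EXCEPT those whose trust type is Azure AD joined
        devices      = @{
            deviceFilter = @{
                mode = "exclude"
                rule = 'device.trustType -eq "AzureAD"'
            }
        }
    }
    grantControls = @{
        operator        = "OR"
        # Graph name for the portal's "Require Hybrid Azure AD joined device" grant control
        builtInControls = @("domainJoinedDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After checking the report-only results in the sign-in logs, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

With the filter excluding Azure AD joined devices and the grant requiring a joined device, every remaining device used by a Purchasing member fails the grant, which is the blocking behaviour the article demonstrates.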

How the policy is applied

Now, the user steve@networkspioneers.com is a member of the Purchasing group.

Steve will use PC34, which is NOT registered in the Azure AD directory, to access https://office.com (compare with the Azure AD registered devices list above).

User steve logs in using PC34
Access blocked 🙁

Conclusion

In this article we have seen how to block the Purchasing group from accessing office.com with devices that are not registered in Azure AD.

In the next article we will apply a Conditional Access policy with different requirements.

Stay tuned.
