Conditional Access : Require device to be compliant


Introduction

An organization may allow users to work from their own computers to increase productivity, but IT staff first need to manage the identities of those devices.

Once a device has an identity, IT staff can build on it with tools like Microsoft Intune to ensure that security and compliance standards are met.

Azure Active Directory (Azure AD) enables single sign-on to devices, apps, and services from anywhere through these devices.

In this article we will create a conditional access policy that only allows access from computers marked as compliant in Azure AD.

Getting devices in Azure AD

To get a device in Azure AD, you have multiple options:

Azure AD registered

    • Devices that are Azure AD registered are typically personally owned or mobile devices, and are signed in with a personal Microsoft account or another local account.
      • Windows 10
      • iOS
      • Android
      • macOS

Azure AD joined

    • Devices that are Azure AD joined are owned by an organization, and are signed in with an Azure AD account belonging to that organization. They exist only in the cloud.
      • Windows 10
      • Windows Server 2019 Virtual Machines running in Azure (Server core is not supported)

Hybrid Azure AD joined

    • Devices that are hybrid Azure AD joined are owned by an organization, and are signed in with an Active Directory Domain Services account belonging to that organization. They exist in the cloud and on-premises.
      • Windows 7, 8.1, or 10
      • Windows Server 2008 or newer

How to join a computer to Azure AD

Suppose you would like to use your personal computer for business work. The computer first has to be connected to Azure AD:

    • open the computer Settings (the gear icon)
    • search for "Access work or school" and select Connect
    • provide your work credentials (username, then password)
    • the device is joined to Azure AD

Note that on a personally owned device the default Connect path (entering your work e-mail) makes the device Azure AD registered, which is the state the table above describes for personal devices. To make it Azure AD joined instead, use the "Join this device to Azure Active Directory" option under "Alternate actions" on the same screen.
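To confirm which of the three device identity states described above a computer actually ended up in after these steps, the following PowerShell function reads the output of `dsregcmd /status`. This is an added example, not code from the article or from Microsoft; it assumes a Windows 10 or later machine where dsregcmd.exe is available, and the sample output embedded at the bottom is constructed for illustration, not captured from a real device.

```powershell
# Added example (not from the original article): classify a Windows device's
# Azure AD state from the "Name : VALUE" lines printed by "dsregcmd /status".
# Assumes Windows 10+ (dsregcmd.exe present). The constructed sample at the
# bottom lets the parser be exercised without a real device.

function Get-AzureAdJoinState {
    [CmdletBinding()]
    param(
        # Optional: pass captured dsregcmd output; when omitted the tool is run live.
        [string[]]$StatusLines
    )

    if (-not $StatusLines) {
        $StatusLines = & dsregcmd.exe /status
    }

    # Collect every "Key : Value" line into a hashtable; banner and separator
    # lines (no single-token key followed by a colon) are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $azureAdJoined   = $fields['AzureAdJoined']   -eq 'YES'   # Device State section
    $domainJoined    = $fields['DomainJoined']    -eq 'YES'   # Device State section
    $workplaceJoined = $fields['WorkplaceJoined'] -eq 'YES'   # User State section

    # Map the flags onto the three identity types from the article.
    $state = if ($azureAdJoined -and $domainJoined) { 'Hybrid Azure AD joined' }
             elseif ($azureAdJoined)               { 'Azure AD joined' }
             elseif ($workplaceJoined)             { 'Azure AD registered' }
             else                                  { 'Not in Azure AD' }

    [pscustomobject]@{
        State           = $state
        AzureAdJoined   = $azureAdJoined
        DomainJoined    = $domainJoined
        WorkplaceJoined = $workplaceJoined
        TenantName      = $fields['TenantName']
        DeviceId        = $fields['DeviceId']
    }
}

# Constructed sample (not real output) of a personally owned laptop that went
# through the "Connect" path above, i.e. Azure AD registered, not joined.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-AzureAdJoinState -StatusLines $sample   # parse the constructed sample
Get-AzureAdJoinState                        # live result for this machine
```

Run it in the same user session that performed the Connect step: WorkplaceJoined lives in the User State section and is reported per signed-in user, while AzureAdJoined and DomainJoined are device-wide.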

Company requirement

The Pioneers organization requires any computer that accesses office.com to be compliant, because users work with sensitive information.

Create policy

Now let us create the policy.

Open the Azure portal >> Conditional Access >> Policies >> New policy:

    • set the policy name and the users the policy applies to
    • under Cloud apps, select All cloud apps
    • under Conditions >> Filter for devices, select all devices but exclude compliant devices
    • under Grant (access controls), select Require device to be marked as compliant
    • enable the policy and select Create

The policy is created. Two practical precautions before enabling it for everyone: exclude at least one emergency-access (break-glass) account so an Intune outage cannot lock administrators out, and consider running the policy in report-only mode first so the sign-in logs show who would be blocked.
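The same policy can be created without the portal through the Microsoft Graph PowerShell SDK, which also makes the settings reviewable and repeatable. The block below is an added example written for this article, not the article's own configuration or Microsoft sample code. It assumes the Microsoft.Graph module is installed and that the signed-in administrator can consent to the listed scopes; the display name and the break-glass object ID are placeholders chosen here.

```powershell
# Added example (not from the original article): create the "require compliant
# device for all apps" policy via Microsoft Graph. Assumes the Microsoft.Graph
# PowerShell SDK is installed. The display name and $breakGlassId are placeholders.

Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholder: object ID of your emergency-access account, excluded so an
# Intune or compliance outage cannot lock every admin out of the tenant.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Require compliant device for all apps'
    # Report-only: evaluated and logged in sign-in logs, but not enforced.
    # Change to 'enabled' once the logs show only the expected users blocked.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users        = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications = @{
            includeApplications = @('All')
        }
        # Mirrors the article's condition: all devices, excluding ones that
        # are already compliant. Devices with no Azure AD object (such as
        # PC34 later in the article) have no isCompliant value and stay in scope.
        devices      = @{
            deviceFilter = @{
                mode = 'exclude'
                rule = 'device.isCompliant -eq True'
            }
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')   # "Require device to be marked as compliant"
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Read back what the tenant stored, so the grant control and filter can be verified.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'Grant';  e = { $_.GrantControls.BuiltInControls -join ',' } },
        @{ n = 'Filter'; e = { $_.Conditions.Devices.DeviceFilter.Rule } }
```

Run the read-back before switching the state to enabled: a policy that lands with an empty grant control, or with the device filter in include rather than exclude mode, would either do nothing or apply only to devices that are already compliant.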

User action

Now let user john use computer PC34, which is NOT registered in Azure AD, to access office.com:

    • the user provides his credentials (username, then password)
    • the sign-in is rejected: the device should be compliant

Because PC34 has no device identity in Azure AD, it cannot carry a compliance state, and the policy blocks it. Note that registering or joining the device alone is not enough either: the compliant flag is set by Intune (or a partner MDM) once the device is enrolled and meets the compliance policy.

Conclusion

Conditional access policies are a great tool for protecting identities.

In past articles we have discussed the concepts of conditional access.

We have also seen how to put conditional access into practice against many different company requirements.

In the next article we will see how to simulate a conditional access policy.

Thank you.
