Conditional Access Microsoft Intune


This is a quick walkthrough of how to take advantage of conditional access for cloud apps using Microsoft Intune to secure access to applications on personal devices.

NOTE: You do NOT need to have the device managed in Intune for these settings to take effect; the policy can be targeted at users.

Setting up Conditional Access

Go to https://portal.azure.com and navigate to Intune. Once in the Intune blade, click Conditional Access in the menu.


In the Policies section, choose “New Policy”.


Enter a name for the policy, then choose Users and groups under the Assignments section.


Select the users/groups you want to include in the policy and click Done.


Choose Cloud apps under the Assignments section, choose which apps you would like to include in the policy, and click Done. You can select All Cloud Apps or just choose specific apps. In this example I am going to choose Microsoft Teams.


Choose Conditions in the Assignments section and choose which conditions you would like to base the policy on, for example Device Platform (operating system) or Client Apps (browser, or mobile and desktop apps). In this example I am going to select Device Platform and choose Windows.


Under Access controls, select Grant and then select the controls to be enforced in the policy. In this example I am going to select Require multi-factor authentication.


The final thing to do is to enable the policy and click Create.


Now that the policy is live, we can open Microsoft Teams, try to log in, and see what happens. As you can see in the screenshot below, multi-factor authentication has kicked in and I am required to answer a call or text in order to validate my access to Teams.

[Screenshot: MFA prompt]
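
The same policy expressed through the Microsoft Graph PowerShell SDK, so it can be reviewed and recreated without clicking through the portal. This is an added example, not part of the original walkthrough; the policy name is constructed, and the group and Teams application IDs are placeholders you must replace with values from your own tenant.

```powershell
# Added example: the walkthrough's policy created with the Microsoft Graph PowerShell SDK.
# Requires the Microsoft.Graph module and an account allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholders (assumptions): replace with values from your own tenant.
$groupId    = '<group-object-id>'       # group selected under Users and groups
$teamsAppId = '<teams-application-id>'  # Microsoft Teams, selected under Cloud apps

if ($groupId -like '<*' -or $teamsAppId -like '<*') {
    throw 'Set $groupId and $teamsAppId before running.'
}

$policy = @{
    displayName = 'Require MFA for Teams on Windows'   # constructed name
    # 'enabled' matches the walkthrough; 'enabledForReportingButNotEnforced'
    # is report-only, which logs the outcome without enforcing it.
    state       = 'enabled'
    conditions  = @{
        users          = @{ includeGroups = @($groupId) }
        applications   = @{ includeApplications = @($teamsAppId) }
        platforms      = @{ includePlatforms = @('windows') }   # Device Platform: Windows
        clientAppTypes = @('all')                               # no Client Apps filter
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')   # Require multi-factor authentication
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm what was actually stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'Platforms'; e = { $_.Conditions.Platforms.IncludePlatforms -join ',' } },
        @{ n = 'Grant';     e = { $_.GrantControls.BuiltInControls -join ',' } }
```

Because the platform condition includes only Windows, sign-ins to Teams from other platforms are outside the scope of this policy and will not be prompted by it.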
