Conditional Access Microsoft Intune
This is a quick walkthrough of how to take advantage of conditional access for cloud apps using Microsoft Intune to secure access to applications on personal devices.
NOTE: You do NOT need to have the device managed in Intune in order for these settings to take effect; they can be user targeted.
Setting up Conditional Access
Go to https://portal.azure.com and navigate to Intune. Once in the Intune blade, click Conditional Access in the menu.
In the policies section, choose “New Policy”.
Enter a name for the policy and then choose Users and groups under the Assignments section.
Select the users/groups you want to include in the policy and click Done.
Choose Cloud apps under the Assignments section, choose which apps you would like to include in the policy, and click Done. You can select All Cloud Apps or just choose specific apps. In this example I am going to choose Microsoft Teams.
Choose Conditions in the Assignments section and choose which conditions you would like to base the policy on, for example Device Platform (operating system) or Client Apps (browser, or mobile and desktop apps). In this example I am going to select Device Platform and choose Windows.
Under Access controls, select Grant and then select the controls to be enforced in the policy. In this example I am going to select Require multi-factor authentication.
The final thing to do is to enable the policy and click create.
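The same policy can also be created through Microsoft Graph rather than the portal. The PowerShell below is an added example, not part of the original walkthrough; it assumes the Microsoft.Graph module is installed, and the group ID, Teams application ID and policy name are placeholders to replace with values from your tenant.

```powershell
# Added example: the portal steps above as a single Microsoft Graph call.
# Assumes the Microsoft.Graph PowerShell module and an account allowed to
# manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholders (assumptions, not values from the walkthrough). Replace both.
$groupId    = '<object-id-of-the-target-group>'
$teamsAppId = '<application-id-of-Microsoft-Teams-in-your-tenant>'

if ("$groupId$teamsAppId" -match '[<>]') {
    throw 'Replace the placeholder IDs before creating the policy.'
}

$policy = @{
    displayName = 'Require MFA for Teams on Windows'   # hypothetical name
    state       = 'enabled'   # 'enabledForReportingButNotEnforced' logs the result without enforcing
    conditions  = @{
        users          = @{ includeGroups       = @($groupId) }      # Users and groups
        applications   = @{ includeApplications = @($teamsAppId) }   # Cloud apps
        platforms      = @{ includePlatforms    = @('windows') }     # Device platform
        clientAppTypes = @('all')                                    # Client apps: no restriction
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')   # Require multi-factor authentication
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm what the tenant actually stored.
$stored = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
$problems = @()
if ($stored.State -ne 'enabled') { $problems += "state is $($stored.State)" }
if ($stored.GrantControls.BuiltInControls -notcontains 'mfa') { $problems += 'MFA grant control missing' }
if ($stored.Conditions.Platforms.IncludePlatforms -notcontains 'windows') { $problems += 'Windows platform condition missing' }
if ($stored.Conditions.Applications.IncludeApplications -notcontains $teamsAppId) { $problems += 'Teams is not the targeted app' }

if ($problems) { throw "Policy $($created.Id) differs from intent: $($problems -join '; ')" }
"Policy '$($stored.DisplayName)' ($($stored.Id)) is enabled and requires MFA."
```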
Now that the policy is live, we can open Microsoft Teams and try to log in and see what happens. As you can see in the screenshot below, the multi-factor authentication has kicked in and I am required to answer a call or text in order to validate my access to Teams.