48. How to Create a Device based Conditional Access Policy with Intune

Captions
Hello everyone, welcome to MSFT WebCast. In this video we are going to see the steps on how to create a device-based Conditional Access policy with Intune.

With Microsoft Intune device compliance policies, Conditional Access policies can use a device's status to either grant or deny access to our organization's apps and services. We can use the Microsoft Endpoint Manager admin center to configure our device-based Conditional Access policies. The policies we create can specify the apps or services we want to protect, the conditions under which the apps or services can be accessed, and the users the policy applies to. Using Conditional Access policies in Intune, we can ensure our devices are compliant before accessing our cloud services. There is a checkbox feature to grant access only for compliant devices. This way we can create a Conditional Access policy to protect our services and allow access only to devices marked as compliant. To take advantage of device compliance status, configure Conditional Access policies to "Require device to be marked as compliant". This option is set while configuring Grant access during the Conditional Access policy creation.

First, sign in to the Microsoft Endpoint Manager admin center as a Global Administrator. We can access Microsoft Endpoint Manager using the URL https://endpoint.microsoft.com. On the home page, click on Devices, then click on All devices. Let me click on Refresh. We can see the Not compliant status for our test device named lab win10 hyphen cli01. We will test our Conditional Access policy using this Windows 10 device. Let me click on the device name. Under Monitor, I'm going to click on Device compliance. You can see I have created one test policy for Windows 10 device compliance. We can see we have the test compliance policy with an Error state, and we click on it. The TPM module is not available on our Windows 10 device; that's why this Windows 10 device is not compliant.

Click on Endpoint security. Under Manage, click on Conditional access. We will be on the Policies page. Click on New policy (the plus icon) to create a new Conditional Access policy. Type a meaningful name for the Conditional Access policy; we will give the name "Test Conditional Access Policy with Intune".

Under Assignments, select Users or workload identities to configure the identities in the directory that the policy applies to. On the Include tab, configure the users and groups you want to include. Choose the Select users and groups option to select our test group. Select the checkbox in front of Users and groups. From the list, select a user or group; we will select our test user group named Test Users. Click on Select.

Next, select Cloud apps or actions, which is also under Assignments. Let me click on that link. Configure this policy to apply to Cloud apps. On the Include tab, use the available options to identify the apps and services you want to protect with this Conditional Access policy. We will choose All cloud apps. We can see the warning message "Don't lock yourself out". Since we are testing this policy only on a specific device, that's why we are going with All cloud apps. If you choose Select apps, then select the apps and services you want to protect with this policy.

Next, configure Conditions. Let me click on this link. Select the signals you want to use as conditions for this policy. We are not going to select any conditions for this test policy. From here you can select the Filter for devices condition; I'll create a separate video on how to use Filter for devices as a condition in a Conditional Access policy.

Under Access controls, select Grant. Select the checkbox in front of "Require device to be marked as compliant". Again we can see the message "Do not lock yourself out"; make sure that your device is compliant. Click on Select.

Under Enable policy, tap on On. By default the policy is set to Report-only. Click on the Create button to create the new Conditional Access policy in Intune. Wait for the confirmation message. We can see the message "Successfully created Test Conditional Access Policy with Intune. Policy will be enabled in a few minutes." We can see the Conditional Access policy, and its state is On. So we have successfully created the device-based Conditional Access policy in Intune.

Now it's time to test the result. Let's go to our test Windows 10 device. On this device I have logged in using the credentials of our Azure Active Directory user named Test User 2. Let me show you that: click on the Start button, and we can see the username is testuser2. First we will perform a manual sync with Intune. Let me click on Sync to start the process. OK, the sync was successful. Now I'm going to restart this Windows 10 device to see the results quickly. After the restart, sign in to this Windows 10 device again.

First of all, I'm going to open the Microsoft Edge web browser, type the URL https://myaccount.microsoft.com and press the Enter key. We can see the message: "get access to this resource. This device does not meet your organization's compliance requirements. Open your organization's device management portal to take action." Since this device does not meet our organization's compliance requirements, we cannot access Azure resources on this device. This Windows 10 device is not compliant, and according to our Conditional Access policy, it will only grant access to resources if the device is compliant. That's why we are not able to access any Azure resources on this Windows 10 device. Once the Windows 10 device is compliant, users can access Azure resources on this device without any issue. This means the device-based Conditional Access policy is working perfectly fine in our test environment.

That's all for this video on how to create a device-based Conditional Access policy with Intune using the Microsoft Endpoint Manager admin center. Thank you all for watching this video. Have a nice day.
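The same policy expressed as code, as an added example that is not part of the video: it uses the Microsoft Graph PowerShell SDK and creates the policy in report-only state first, where the video switches it straight to On. It assumes the Microsoft.Graph modules are installed and that the target group's display name is exactly "Test Users"; the variable names are illustrative.

```powershell
# Added example (not from the video). Requires the Microsoft.Graph.Authentication,
# Microsoft.Graph.Groups and Microsoft.Graph.Identity.SignIns modules.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Group.Read.All'

# Assumption: the test group from the walkthrough has this exact display name.
$groupName = 'Test Users'
$group = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($group.Count -ne 1) {
    # Refuse to guess: an ambiguous or missing group would scope the policy wrongly.
    throw "Expected exactly one group named '$groupName', found $($group.Count)."
}

$policy = @{
    displayName   = 'Test Conditional Access Policy with Intune'
    # Report-only: results are logged in sign-in logs but access is not blocked yet.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeGroups = @($group[0].Id) }      # Assignments > Users
        applications   = @{ includeApplications = @('All') }       # All cloud apps
        clientAppTypes = @('all')                                  # no extra conditions
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')  # "Require device to be marked as compliant"
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# After reviewing the report-only results for the test group, enforce the policy
# (the equivalent of setting Enable policy to On in the portal):
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```

Scoping the policy to a single group, as the video does, is what keeps the "All cloud apps" target from locking out administrators who sign in from non-compliant devices.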
Info
Channel: MSFT WebCast
Views: 5,298
Keywords: intune, microsoft intune, conditional access, intune tutorial, intune tutorial beginners, microsoft intune tutorial, intune basics, intune mdm tutorial, microsoft intune for beginners, mdm, device based conditional access policy, azure ad device based conditional access policy, Set up device-based Conditional Access policies with Intune, Conditional access policy for device compliance, Create Device-Based Conditional Access Policy, Intune Conditional Access policy, msintune
Id: jKCj0yl_Wfc
Length: 9min 13sec (553 seconds)
Published: Mon Apr 17 2023