Device-based policies for Azure AD Conditional Access available in preview | On MSFT

Kit McDonald
3 min read

Device-based policies for Azure AD Conditional Access available in preview


4 months ago in Latest news

A preview for the Azure AD Conditional Access was announced today in the Enterprise Mobility and Security Blog. The device-based policies make it possible to restrict access to enterprise managed devices and to configure them for your organization’s individual needs. This is particularly useful to protect you from unknown devices and those that don’t meet security policies.

As detailed in the Azure Active Directory for conditional access, you can check off criteria of what a device meets before they have access to the application.

Policies can be set based on the following requirements:

  • Domain joined devices – You can set a policy to restrict access to devices that are joined to an on-premises Active Directory domain and are also registered with Azure AD. This policy applies to Windows desktops, laptops or enterprise tablets that belong to an on-premises Active Directory domain which have registered with Azure AD. For more information on how to setup automatic registration of domain joined devices with Azure AD, see How to setup automatic Registration of Windows domain joined devices with Azure Active Directory.
  • Compliant devices – You can set a policy to restrict access to devices that are marked compliant in the directory by the management system. This policy ensures that only devices that meet security policies such as enforcing file encryption on a device are allowed access.

To test out these new policies, go to the Azure Management Portal and select that application. Configuring the app is as simple as switching the Enable Access Rules button on. More importantly, it works with every application that authenticates with Azure AD such as Office 365, Azure, Microsoft CRM and all the apps available.

Of course, for the devices to participate they need to be registered with Azure AD in one of the following ways:

  1. Windows domain joined devices (in on-premises Active Directory) can be easily registered with Azure AD in an automatic manner. This includes both Windows 10 and down-level Windows devices.
  2. iOS and Android devices are registered with Azure AD when they get enrolled into Microsoft Intune, our MDM service.
  3. Windows 10 Azure AD joined devices are registered upon join to Azure AD.
  4. Windows 10 personal devices (BYOD) are registered when the work account is added to Window

The policies support iOS, Android, Windows 10 Anniversary Update, Windows 7, and Windows 8.1 devices. Learn more about conditional based access for Azure AD on its documentation page.


Further reading: , , , ,

Will the new device-based policies be useful for your organization?

Read these stories next

Microsoft just launched a new app called Skype Mingo on Android

Almost half of Xbox One owners play backwards compatible Xbox 360 video games

The final chapter in Batman: The Telltale Series is out right now on Xbox One and Windows 10

Users can now stream HoloLens apps to iOS devices

Reminder: Only 24 hours left to play Mossa and other Xbox Fitness workouts

Microsoft Translator is now the world’s first personal universal translator

Microsoft continues blockchain push with AMIS partnership in Taiwan

Lenovo launches their new Windows 10 2-in1, the Yoga Book, in India

Share this article:
Tags:

Related Articles

PowerToys 0.75 released; Environment Variables editor is here

October 31, 2023

Former Halo developer Bungie announces layoffs in wake of game delays

October 31, 2023

Siemens and Microsoft partner to bring GenAI to industries worldwide

October 31, 2023

Leave a Comment

Your email address will not be published. Required fields are marked *