Noncompliant devices shall be blocked from accessing corporate resources
Description
Device compliance policies let us define the settings a device on a given platform must meet to satisfy corporate requirements. Paired with Conditional Access policies, they let us prevent noncompliant devices from reaching corporate resources. Devices that are not in compliance should not have access to corporate resources.
Policy
Noncompliant devices shall not be able to access corporate resources
Licensing Considerations
This setting requires at least an Azure AD P1 license, which is available standalone or as part of the following bundles:
EMS+E3/E5
Microsoft 365 Business Premium
Microsoft 365 E3
Microsoft 365 E5
Set-Up Instructions
Device compliance policies in Microsoft Intune | Microsoft Learn
To configure a Conditional Access policy that requires compliant devices:
Follow the steps outlined here to create a Conditional Access policy.
Under the Assignments section, include All users. Be sure to exclude a break-glass account so you can never lock yourself out.
Under the Cloud apps section, include All cloud apps.
Do not configure anything in the Conditions section.
Under the Grant section, choose Require device to be marked as compliant.
End-User Impact
Level: High
Any user trying to access corporate data from a device not marked as compliant will receive a message stating that they are blocked and instructing them to contact IT. This applies both to devices enrolled in Intune and marked noncompliant and to devices that are not enrolled in Intune at all.
Tips
A formal process should be in place for investigating noncompliant devices. Common causes of noncompliance should be documented to speed up resolution.
Automation should be put in place where possible to alert on noncompliant devices so the team can respond proactively.
Users should have a way to contact support that does not rely on email, since a blocked user will not be able to open Outlook.
PowerShell Scripts
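The set-up steps above, expressed as a Microsoft Graph PowerShell script, followed by a check that no compliant-device policy in the tenant lacks a break-glass exclusion. This is an added example, not part of the original page or Microsoft's own documentation; it assumes the Microsoft.Graph PowerShell modules are installed and that the break-glass account object ID is a placeholder you replace with your own.

```powershell
# Added example (not from the original page). Creates the Conditional Access policy
# described in the set-up steps and then audits existing policies for a missing
# break-glass exclusion. Assumes the Microsoft.Graph modules are installed and the
# signed-in admin can consent to the requested scopes.
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

# PLACEHOLDER: object ID of the emergency-access (break-glass) account to exclude.
$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "CA - Require compliant device for all cloud apps"
    # Start in report-only mode; change to "enabled" once the sign-in logs confirm
    # that only the expected devices would be blocked.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        users = @{
            includeUsers = @("All")                 # Assignments: include All users
            excludeUsers = @($breakGlassObjectId)   # Exclude the break-glass account
        }
        applications = @{
            includeApplications = @("All")          # Cloud apps: include All cloud apps
        }
        # Nothing else is set here, matching "Do not configure anything in Conditions".
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice")      # Grant: require device marked compliant
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Check: any policy that requires a compliant device but excludes no account
# could lock the whole tenant out if compliance evaluation breaks.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object {
        $_.GrantControls.BuiltInControls -contains "compliantDevice" -and
        -not $_.Conditions.Users.ExcludeUsers
    } |
    ForEach-Object {
        Write-Warning "Policy '$($_.DisplayName)' has no excluded break-glass account."
    }
```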
Videos