![]() ![]() ![]() |
Office 365 Conditional Access Policy lets you ensure only Windows 10 devices enrolled with MDM can access Office 365 (and/or other apps that require Microsoft Azure sign in), while restricting access to unenrolled devices. You can do this by creating a device-based Conditional Access policy on the Azure portal.
![]() |
Granting access is restricted to Windows 10 devices, whereas all other device types can be blocked if required. |
Configuring the Conditional Access policy consists of two steps:
![]() |
Test the policy against a smaller group of users to make sure it works as expected. |
![]() |
Right after enabling the Conditional Access policy on Azure, the selected users and groups cannot access Office 365 and other app(s) selected in the policy. |
In the Device Details view, all enrolled Windows 10 devices will be marked compliant and users can login to their Azure accounts and access Office 365 (and/or other apps included while creating the policy), using these devices.
![]() |
Unenrolled devices will be marked Non-compliant and users cannot log in to Azure using such devices. |
NOTE: For the Office 365 Conditional Access Policy to function in a streamlined and efficient manner, it is recommended to enroll Windows 10 devices using Windows Azure Autopilot enrollment.
Removing the Conditional Access policy consists of two steps:
After stopping the policy, MDM will not grant access to devices enrolled henceforth.
The devices to which you have already applied the policy will continue accessing Office 365 (and/or other apps included while creating the policy), if they are enrolled with MDM. Essentially, stopping the policy does not have an effect on devices to which you have already applied the Conditional Access policy.
In order to completely remove the policy, follow the steps mentioned in the next section.
To entirely remove the policy, even from all the devices to which the policy has already been applied, you must disable the Conditional Access policy on the Azure portal. Follow these steps.
This will ensure the policy gets completely removed and all the previously selected users and groups will be able to access Office 365, and other apps included while creating the Conditional Access policy.
See Also: | Device Enrollment, App Management, Profile Management, Asset Management, Security Management, Reports |
![]() ![]() ![]() |