Office 365 Conditional Access

Overview

The Office 365 Conditional Access policy lets you ensure that only Windows 10 devices enrolled with MDM can access Office 365 (and/or other apps that require Microsoft Azure sign-in), while blocking access from unenrolled devices. You do this by creating a device-based Conditional Access policy on the Azure portal.

Access can be granted only to Windows 10 devices; all other device types can be blocked if required.

Prerequisites

Configure Conditional Access Policy

Configuring the Conditional Access policy consists of two steps:

Creating the Conditional Access policy on the Azure Portal

Right after enabling the Conditional Access policy on Azure, the selected users and groups cannot access Office 365 and other app(s) selected in the policy.

Applying the policy on MDM

In the Device Details view, all enrolled Windows 10 devices will be marked Compliant, and users can log in to their Azure accounts and access Office 365 (and/or other apps included while creating the policy) using these devices.

Unenrolled devices will be marked Non-compliant and users cannot log in to Azure using such devices.

NOTE: For the Office 365 Conditional Access Policy to function in a streamlined and efficient manner, it is recommended to enroll Windows 10 devices using Windows Azure Autopilot enrollment.

Removing Conditional Access Policy

Removing the Conditional Access policy consists of two steps:

Stopping the policy on MDM

After you stop the policy, MDM will not grant access to devices enrolled from then on. Devices to which you have already applied the policy will continue to access Office 365 (and/or other apps included while creating the policy) as long as they are enrolled with MDM. In other words, stopping the policy has no effect on devices to which the Conditional Access policy has already been applied.

In order to completely remove the policy, follow the steps mentioned in the next section.

Disabling the policy on the Azure portal

To entirely remove the policy, even from all the devices to which the policy has already been applied, you must disable the Conditional Access policy on the Azure portal. Follow these steps.

This will ensure the policy gets completely removed and all the previously selected users and groups will be able to access Office 365, and other apps included while creating the Conditional Access policy.
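To confirm that the policy really is disabled on the Azure side after these steps, the following added example (not ManageEngine's or Microsoft's code) checks an export of Conditional Access policies for any that are still enforced. It assumes the policies were exported in the JSON shape returned by Microsoft Graph's `/identity/conditionalAccess/policies` endpoint and that the device-based policy uses the "compliant device" grant control; the sample data, names and IDs are constructed.

```python
import json

# Constructed sample in the shape of a Microsoft Graph
# GET /identity/conditionalAccess/policies response. Names and IDs are made up.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"id": "00000000-0000-0000-0000-000000000001",
   "displayName": "EXAMPLE - O365 requires MDM-compliant Windows device",
   "state": "enabled",
   "conditions": {
     "applications": {"includeApplications": ["Office365"]},
     "platforms": {"includePlatforms": ["windows"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
  {"id": "00000000-0000-0000-0000-000000000002",
   "displayName": "EXAMPLE - retired device policy",
   "state": "disabled",
   "conditions": {
     "applications": {"includeApplications": ["Office365"]},
     "platforms": null},
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}}
]}
""")

def requires_compliant_device(policy):
    """True if the policy's grant controls demand a compliant device."""
    grant = policy.get("grantControls") or {}
    return "compliantDevice" in (grant.get("builtInControls") or [])

def covers_office365(policy):
    """True if Office 365 (or all cloud apps) is in the policy's scope."""
    apps = (policy.get("conditions") or {}).get("applications") or {}
    included = apps.get("includeApplications") or []
    return "Office365" in included or "All" in included

def still_enforced(export):
    """Names of device-compliance policies for Office 365 that are still enforced.

    'disabled' and report-only ('enabledForReportingButNotEnforced') policies
    do not block sign-in, so only state == 'enabled' counts.
    """
    return [p["displayName"] for p in export.get("value", [])
            if p.get("state") == "enabled"
            and requires_compliant_device(p)
            and covers_office365(p)]

if __name__ == "__main__":
    for name in still_enforced(SAMPLE_EXPORT):
        print("still enforced:", name)
```

An empty result means no enabled device-compliance policy for Office 365 remains in the export; any name listed is a policy that still gates the selected users and groups.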

Copyright © 2020, ZOHO Corp. All Rights Reserved.