
Create a Device-Compliant Conditional Access Policy within Intune.

How do we create a conditional access policy to ensure any connecting device complies with compliance requirements within Intune?

Access the Microsoft Intune / Endpoint Manager portal.

Select "Endpoint security" and, from the middle menu, select "Conditional access".

Select "Policies"

Select "New policy"

Give your policy a name, e.g. "Require Compliant Device", then under "Users" select "All users". As best practice, always exclude one admin account (the same one each time) so that, if you ever get a policy wrong, you do not lock everyone out. If this were an MFA policy, that excluded account would still need MFA; it is simply not subject to this policy.

Select "Target resources" and set this for "All cloud apps"

In the "Conditions" section, we can choose to target specific devices or other settings, but for this example we will target iOS and Android devices only. Select "Device platforms", set "Configure: Yes" and "Select device platforms: Android and iOS", then click "Done".

We then set the requirements of the policy by selecting "Grant" within the "Access controls" section, choosing "Grant access" and "Require device to be marked as compliant" along with "Require all the selected controls", and then clicking "Select".

We can then enable the policy by selecting "Enable Policy: On" and clicking the "Create" button.
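The same policy expressed through the Microsoft Graph conditionalAccessPolicy resource, as an added example that is not part of the original article. It assumes a token with the Policy.ReadWrite.ConditionalAccess permission, a placeholder object ID for the excluded admin account, and defaults to report-only state so the policy can be observed before it is enforced.

```python
"""Build and submit the 'Require Compliant Device' policy via Microsoft Graph."""
import json
import urllib.request

GRAPH_URL = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

# Placeholder, not a real account: the directory object ID of the one admin
# account that is always excluded so a broken policy cannot lock everyone out.
BREAK_GLASS_ADMIN_ID = "00000000-0000-0000-0000-000000000000"


def build_compliant_device_policy(name, excluded_admin_id,
                                  platforms=("android", "iOS"),
                                  state="enabledForReportingButNotEnforced"):
    """Return the request body matching the portal steps: all users minus the
    excluded admin, all cloud apps, Android + iOS only, grant access only when
    the device is marked compliant. Valid states are 'enabled', 'disabled' and
    'enabledForReportingButNotEnforced' (report-only, the safe first step)."""
    if not excluded_admin_id:
        raise ValueError("always exclude one admin account from the policy")
    if state not in ("enabled", "disabled", "enabledForReportingButNotEnforced"):
        raise ValueError(f"unknown policy state: {state}")
    return {
        "displayName": name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": [excluded_admin_id]},
            "applications": {"includeApplications": ["All"]},
            "platforms": {"includePlatforms": list(platforms)},
        },
        # operator AND == "Require all the selected controls" in the portal
        "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]},
    }


def create_policy(body, access_token, opener=urllib.request.urlopen):
    """POST the policy to Graph; 'opener' is injectable for offline testing."""
    req = urllib.request.Request(
        GRAPH_URL, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with opener(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    policy = build_compliant_device_policy("Require Compliant Device", BREAK_GLASS_ADMIN_ID)
    print(json.dumps(policy, indent=2))
```

Switch state to "enabled" only after the report-only sign-in logs show no unexpected blocks for the excluded admin or for unmanaged Android/iOS devices that should be enrolled first.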