Forum Discussion
joaquinmolina
Jan 08, 2025Copper Contributor
Block non-enrolled devices for users who have enrolled devices
First of all, thank you for everything. I have users who have their device enrolled with the company. I have others who don't yet. I need to block access with personal devices to those users who al...
micheleariis
Feb 19, 2025Steel Contributor
Hi, if you want to block access from personal devices for users who have already enrolled a corporate device, here's a straightforward approach:
- Identify users with enrolled devices:
Create a dynamic group in Azure AD that includes users who have at least one enrolled device. You can do this by leveraging attributes provided by Intune (or your MDM system). If there's no specific attribute already in place, you might need to set one up or configure a custom rule.
- Apply a Conditional Access Policy:
Once the group is defined, set up a Conditional Access policy that requires the device to be enrolled or compliant to access corporate resources. This way, if a user in the group attempts to access from a personal (non-enrolled) device, access will be blocked.
This approach ensures that users with an enrolled device use only authorized devices without affecting those who haven’t enrolled any device yet.
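As an added example (not code from the reply above or from Microsoft's documentation), here is the second step written as a Microsoft Graph PowerShell script: it creates the Conditional Access policy targeting the group of users who already have an enrolled device and requires a compliant or hybrid-joined device. It assumes the Microsoft.Graph module is installed; the group object ID and the emergency-access account ID are placeholders you must replace.

```powershell
# Added example: create the Conditional Access policy from the reply above.
# Assumes the Microsoft.Graph PowerShell module is installed and you have
# rights to write Conditional Access policies.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholders: object ID of the group of users who already have an enrolled
# device, and the object ID of a break-glass account that must never be locked out.
$EnrolledUsersGroupId = "00000000-0000-0000-0000-000000000000"
$BreakGlassAccountId  = "11111111-1111-1111-1111-111111111111"

$policy = @{
    displayName = "Require enrolled or compliant device - users with enrolled devices"
    # Start in report-only mode: review the sign-in logs for blocked sign-ins
    # first, then switch the state to "enabled" once the impact is understood.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($EnrolledUsersGroupId)
            excludeUsers  = @($BreakGlassAccountId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # OR: either a compliant (Intune-managed) device or a hybrid-joined
        # device satisfies the policy; a personal, unenrolled device meets neither.
        operator        = "OR"
        builtInControls = @("compliantDevice", "domainJoinedDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.Id) in state $($created.State)"
```

Users not in the group are unaffected, which is the behaviour the reply describes; the report-only state lets you confirm that before enforcing.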