Forum Discussion
heinzelrumpel
Feb 24, 2025 | Copper Contributor
Non persistent session on not joined devices
Hi, how do I create a conditional access policy within Intune that requires a non-joined device and then specifies the persistent browser session to "never persistent". As I look at the setting...
micheleariis
Feb 25, 2025 | Steel Contributor
Hi, unfortunately, in the Intune interface, you can't directly set "Never persistent" for non-registered devices because the persistent session control is tied to Entra hybrid joined devices.
But there’s a workaround! It’s best to create two separate policies:
For registered devices - Use the "Require Microsoft Entra hybrid joined device" option and configure the session behavior as needed.
For non-registered devices - Create a policy that excludes registered devices. The good thing is that, by default, non-registered devices do not maintain an active session, so you still achieve a "non-persistent" session without explicitly selecting that option.
If you want to be extra sure, you can adjust Sign-in Frequency or access token lifetime, so users on non-registered devices have to authenticate more frequently.
- heinzelrumpel | Feb 27, 2025 | Copper Contributor
For non-registered devices - Create a policy that excludes registered devices. The good thing is that, by default, non-registered devices do not maintain an active session, so you still achieve a "non-persistent" session without explicitly selecting that option.
You probably mean to use the condition "filter for devices"? As seen in my screenshot.
- heinzelrumpel | Feb 27, 2025 | Copper Contributor
"For non-registered devices - Create a policy that excludes registered devices. The good thing is that, by default, non-registered devices do not maintain an active session, so you still achieve a "non-persistent" session without explicitly selecting that option."
Hi, thanks for that advice, but how do I exclude non-registered devices within a Conditional Access Policy? I only see users and groups to exclude.
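
The "filter for devices" condition and the session controls discussed in this thread, written as a Microsoft Graph Conditional Access policy body. This is an added example, not part of the original posts; the group ID placeholder, the report-only state, the 1-hour sign-in frequency, and the choice of which trust types count as "joined" are assumptions.

```powershell
# Added example: builds a Conditional Access policy body for Microsoft Graph.
# Assumptions (not from the thread): placeholder group ID, report-only state,
# 1-hour sign-in frequency, and the trust types treated as "joined".
function New-NonJoinedSessionPolicyBody {
    param(
        [string]$TargetGroupId = '<pilot-group-object-id>',      # placeholder, replace
        [string[]]$JoinedTrustTypes = @('ServerAD', 'AzureAD'),  # hybrid joined, Entra joined
        [int]$SignInFrequencyHours = 1
    )

    # Filter for devices in "exclude" mode: joined devices are taken out of scope,
    # so the policy applies to every other device, including ones with no device object.
    $rule = ($JoinedTrustTypes | ForEach-Object { "device.trustType -eq `"$_`"" }) -join ' -or '

    @{
        displayName = 'Non-joined devices: never persistent browser session'
        # Report-only first, so sign-in logs show the effect before enforcement.
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users          = @{ includeGroups = @($TargetGroupId) }
            # The persistent browser session control requires all cloud apps.
            applications   = @{ includeApplications = @('All') }
            clientAppTypes = @('all')
            devices        = @{ deviceFilter = @{ mode = 'exclude'; rule = $rule } }
        }
        sessionControls = @{
            persistentBrowser = @{ isEnabled = $true; mode = 'never' }
            signInFrequency   = @{ isEnabled = $true; type = 'hours'; value = $SignInFrequencyHours }
        }
    }
}

# Build the body and print it as JSON for review (runs offline, creates nothing).
$body = New-NonJoinedSessionPolicyBody
$body | ConvertTo-Json -Depth 10

# To create the policy (requires the Microsoft.Graph.Identity.SignIns module):
# Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'
# New-MgIdentityConditionalAccessPolicy -BodyParameter $body
```

Adding `'Workplace'` to `-JoinedTrustTypes` also takes Entra registered devices out of scope, leaving only devices with no registration at all.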