Microsoft is excited to announce the Preview of device-based policies for Azure AD Conditional Access!
These policies help you stay in control of your organization’s data by restricting access to enterprise-managed devices. Policies can be applied on a per-application basis to require that devices be managed by your company and be correctly configured. The new capability supports iOS, Android, Windows 10 Anniversary Update, Windows 7 and Windows 8.1.
This release, in conjunction with the per-app MFA and location-based rules, offers organizations robust and flexible tools for protecting resources, taking into account both the user and their device when an application is accessed.
And one more cool thing! It works with EVERY application that authenticates using Azure AD. That means Office 365, Azure and Microsoft CRM as well as all the apps in our app gallery, including thousands of apps like ServiceNow, Salesforce.com & Concur, plus on-premises applications published through the Azure AD Application Proxy.
Please note: Conditional Access is a feature of Azure AD Premium.
Setting these policies is easy. On the Azure Management Portal, select the application you want to protect. Under the ‘configure’ tab you will find the control to enable device-based access rules.
When you enable these rules, you can select which users or groups the policy applies to, which devices are covered and which types of client applications are covered (browser and native apps or native apps only).