Block Personal Computers with Conditional Access in Microsoft 365

Wouldn't it be great to simply block the use of personal computers in Microsoft 365? That would mean Microsoft 365 could only be accessed from company-owned devices enrolled in Intune. You can do this with a Conditional Access policy, and I will show you how in this video.
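The policy the video builds in the portal can also be expressed through the Microsoft Graph PowerShell SDK. The script below is an added example, not the video's own configuration or a Microsoft sample: it creates the policy in report-only mode first, using the `device.deviceOwnership -ne "Company"` filter that viewers refer to (the video's filter may OR additional clauses onto this one; only the ownership clause is reproduced here), excludes Exchange Online as one commenter did, and then lists the sign-ins that report-only mode would have blocked so the result can be checked before enforcement. The policy name, the emergency-access account id and the `-Top 200` sample size are assumptions; the Exchange Online application id is the well-known first-party id and should be confirmed in your own tenant.

```powershell
# Added example (not the video's script): report-only Conditional Access policy that
# blocks Windows devices whose Entra device object is not marked as company-owned.
# Requires the Microsoft Graph PowerShell SDK and Policy.ReadWrite.ConditionalAccess rights.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "AuditLog.Read.All", "Directory.Read.All"

# PLACEHOLDER: object id of the emergency-access (break-glass) account to exclude
$breakGlassUserId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Block personal Windows devices (report-only)"   # assumed name
    # Start in report-only; switch to "enabled" once the sign-in review below looks right
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassUserId)   # never lock out the emergency-access account
        }
        applications = @{
            includeApplications = @("All")
            # Well-known app id for Office 365 Exchange Online; drop this entry to block mail as well
            excludeApplications = @("00000002-0000-0ff1-ce00-000000000000")
        }
        platforms = @{
            includePlatforms = @("windows")
        }
        devices = @{
            deviceFilter = @{
                mode = "include"   # the policy applies to devices that match the rule
                rule = 'device.deviceOwnership -ne "Company"'
            }
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Review what report-only mode would have blocked before turning enforcement on.
# Each sign-in carries the evaluation result of every policy; "reportOnlyFailure" means
# this policy would have blocked the sign-in had it been enforced.
Get-MgAuditLogSignIn -Top 200 |
    Where-Object {
        $_.AppliedConditionalAccessPolicies |
            Where-Object { $_.Id -eq $created.Id -and $_.Result -eq "reportOnlyFailure" }
    } |
    Select-Object CreatedDateTime, UserPrincipalName,
        @{ n = "Device"; e = { $_.DeviceDetail.DisplayName } },
        @{ n = "OS";     e = { $_.DeviceDetail.OperatingSystem } },
        @{ n = "Managed"; e = { $_.DeviceDetail.IsManaged } }
```

Keep the policy in report-only mode until the listed sign-ins are the ones you expect: devices with no Entra device object at all (an unregistered personal laptop, a thin client, a freshly wiped Autopilot machine) have no ownership attribute to compare, so confirm how the filter treats them in your tenant's logs before switching the state to "enabled".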

🧑‍🏫 NEW Course - Discover Microsoft 365 and Get More Done

🆓 FREE Facebook Group
From security to productivity apps to getting the best value from your Microsoft 365 investment, join our Microsoft 365 Mastery Group

🆓 FREE Microsoft 365 Guide
Our FREE Guide - Discover 5 things in Microsoft 365 that will save your business time and money... and one feature that increases your Cyber Security by 99.9%

💻 Want to Work Together?

😁 Follow on Socials
TikTok @bearded365guy
Instagram @bearded365guy

Chapters
0:00 Introduction
00:36 Basic Conditional Access
01:14 Advanced Conditional Access Policy
02:19 Word of Warning
03:12 Demo
05:09 Create Conditional Access Policy
08:06 Test CA Policy
Comments
Author

Very powerful, but not user friendly. We learned to consult this with clients and make them clear what this really means. Our best scenario is to block unmanaged devices to SharePoint but allow access via the Browser (limited experience). But even this gives issues (not technically but on user level). I am all for it, but this does not work for SMB, mostly. But great video again!

SeiferAlmasy
Author

Dude, your videos are epic! I gained so much knowledge on this topic of CA and App Policies.

JannievanderWalt
Author

This worked wonderfully for me. I excluded Exchange Online, so all cloud apps were blocked except for email and it is doing exactly what I hoped for thanks to this video. Thank you so much Jonathan!

shellpie
Author

Just found your channel. Loving it. Do you think you could do a full video on setting up a test tenant? I was thrown into supporting Azure after it was set up, so it would be very helpful to set up my own to learn what I missed and to have something to test with.

nottad
Author

Best content, with real-world scenarios as usual. Keep it up!

nazerbori
Author

Excellent, a useful policy would be able to allow some users to access OWA and Teams from private devices.

Now you could allow users to access OWA and Teams from a web-browser and also access attachments in emails and files stored in Teams (so SharePoint), of course assuming you allow Teams and SharePoint access in the CA.

But how can you prevent files from being saved on the non-corporate device hard drive?

Jean-MichelRoberts
Author

Great info, but how does it work with Hybrid Entra installs where AD is installed on-prem?

andrewenglish
Author

Excellent. Some great tips here. In the opposite direction, how would you go about setting up Conditional Access for a small startup where everyone is using their own laptops? What would you turn off, what would you leave on? Any special case policies?

daelra
Author

Currently running a test with this with Report Only on. Do you know of an easy place to see which machines are being reported to have violated this? I think I can see them in the identity sign-in page, but I'm curious if there is a better/easier way to view the reports.

Alkraizer
Author

In Conditional Access, could a device that's joined to local AD be classified as organization-owned? If so, how does CA pick this up? Or is it for Intune-enrolled devices only?

Author

We use Microsoft Intune to manage Windows devices and Kandji MDM for Apple devices. Is there a possibility to add that into the filtered configurations?

efraintalamantes
Author

Jonathan, your videos and style of presentation have been helpful. Does your organization (you) also do live events?

ifoam
Author

We block personal device enrolment and have set up a conditional access policy to only allow compliant Intune devices. We allow online usage only for personal devices, with app-enforced restrictions as well.

joeraymen
Author

Hi Jonathan, thanks for the great video. I am curious as to your using an OR statement for the filter. Is there an historical reason for using just DeviceOwnership not equals Company?

andrewwitton
Author

Hi Jonathan, I'm curious about something. How does Intune detect the device that is not a company computer? You logged in from the incognito tab and tried to access it and it caught you. How did it detect that? Did he check to see if the device was in the domain? If so, how did he do that?

mertozsoy
Author

Would be great for feedback on still wanting to allow guest access to Microsoft Teams files to other businesses that are approved, they wouldn't have a corporate device?

IronEagle
Author

I've implemented all of your CA policies and they're great, but this one blocks re-adding an Autopilot device to Intune after a Wipe. Any suggestions? Thanks

rod
Author

Does conditional access generally require the default policies to be turned off to work at all? (that you mention to turn off in the video where you created the 7 policies).

As I did what you did here, but ticked Android additionally, and I am still able to sign in on my personal android and Windows devices to both browser and apps.
Policy is "On"

Any idea what I have missed?

RoHan-
Author

Hello

Could you advise on this please?

If we implement the policy, it's effectively saying only Intune-managed Windows devices can access Office 365. However, we use dumb terminals to allow users to access Citrix. When we implemented the policy we found that it worked, but the knock-on effect is that it blocked the use of IGELs and Citrix (hosting a Windows image) to access O365. Can you advise if there is an easy workaround to this, as the IGELs can't be added to Intune?

Thanks

Tim

LetsGo_
Author

Thank you for this, working like a charm. A question, though: what happens to the users already logged in on personal devices? Do they get logged out? Because in my testing, the logged-in user stayed logged in.

nazerbori