Sometimes we need to set conditions for which users can gain access to certain areas of our IT services or cloud apps. In this test lab we will make a Conditional Access (CA) rule through Intune that prevents a small group of users from our main office in Denmark from accessing Microsoft Teams. The users in the group are IT students with a Microsoft 365 E5 license.
Note: Conditional Access is an Azure Active Directory capability that is included with an Azure Active Directory Premium license (AAD P1 license).
Note: For general use of Intune you must have one of these licenses (see the table below):
| License | Includes |
|---|---|
| Enterprise Mobility + Security E3 | Intune |
| Enterprise Mobility + Security E5 | Intune |
| Microsoft 365 Education A1 | Intune for Education |
| Microsoft 365 Education A3 | Intune for Education |
| Microsoft 365 Education A5 | Intune for Education |
| Microsoft 365 E3 | Intune |
| Microsoft 365 E5 | Intune |
| Microsoft 365 F1 | Intune |
| Microsoft 365 Business | Intune |
Note: To create, modify or delete content in Intune, the role of Conditional Access administrator or Global administrator is needed.
Note: The security group is created with a dynamic query where job title equals IT students, so all users with that title will automatically become members of this security group and therefore get the Conditional Access policy applied. Notice that some dynamic rules can take up to 24 hours to sync.
Microsoft, can we get the ability to trigger a dynamic group update on the fly, please?
Note: It's possible to create trusted locations based on IP addresses. A whole range of IPs can be added.
Note: Browser, Mobile apps and desktop clients, and Modern authentication clients will be affected.
Note: Now this policy is enforced and hits the target group and its user members.
Note: Sorry for the Danish language; it's just saying that we cannot get access to the resource because of a CA policy.
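
The same setup scripted with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original walkthrough. The display names, the IP range and the Teams application ID are placeholders. Two things are assumptions here: the policy is scoped to sign-ins from the office location, and it is created in report-only mode so its effect can be checked in the sign-in logs before it is switched to `enabled` as in the lab.

```powershell
# Added example. Assumes the Microsoft.Graph module is installed and the signed-in
# account holds the Conditional Access administrator or Global administrator role.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All', 'Application.Read.All'

# Dynamic security group: membership follows the job title, so new IT students
# pick up the policy automatically (the rule can take a while to sync).
$group = New-MgGroup -DisplayName 'CA-IT-Students' `
    -MailEnabled:$false -MailNickname 'ca-it-students' -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule '(user.jobTitle -eq "IT students")' `
    -MembershipRuleProcessingState 'On'

# Trusted named location built from an IP range.
# 203.0.113.0/24 is a documentation range; replace it with the office egress range.
$office = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Main office Denmark'
    isTrusted     = $true
    ipRanges      = @(@{
        '@odata.type' = '#microsoft.graph.iPv4CidrRange'
        cidrAddress   = '203.0.113.0/24'
    })
}

# Placeholder: the application (client) ID of Microsoft Teams as listed in your tenant.
$teamsAppId = '<teams-application-id>'

$policy = @{
    displayName   = 'Block Teams for IT students'
    # Report-only first; change to 'enabled' to enforce the block.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeGroups = @($group.Id) }
        applications   = @{ includeApplications = @($teamsAppId) }
        clientAppTypes = @('browser', 'mobileAppsAndDesktopClients')
        # Assumption: block applies to sign-ins from the office location.
        # Use excludeLocations instead to block everywhere except the office.
        locations      = @{ includeLocations = @($office.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm its name and state.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State
```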