S01E08 - Configuring Conditional Access in Microsoft Intune

S01E08 - Configuring Conditional Access in Microsoft Intune - (I.T)

Рет қаралды 29,563

Күн бұрын

00:00 - Intro
01:14 - Conditional Access discussion
docs.microsoft.com/en-us/azur...
What are common ways to use Conditional Access with Intune?
docs.microsoft.com/mem/intune...
06:55 - Baseline policies (Deprecated)
10:05 - Create a device-based Conditional Access policy
docs.microsoft.com/mem/intune...
11:54 - App-based Conditional Access with Intune
docs.microsoft.com/mem/intune...
20:32 - Planning Conditional Access discussion
28:42 - What is the What If tool in Azure Active Directory Conditional Access?
docs.microsoft.com/azure/acti...
33:38 - Using the location condition in a Conditional Access policy
docs.microsoft.com/en-us/azur...
35:01 - Terms and conditions for user access
docs.microsoft.com/mem/intune...
39:15 - Always On VPN deployment for Windows Server and Windows 10
docs.microsoft.com/windows-se...
46:30 - Manage emergency access accounts in Azure AD
docs.microsoft.com/azure/acti...
47:33 - Wrapping up
Visit our websites and social media for more or to get in touch with us
Steve Hosking - Microsoft EM+S MVP
/ onpremcloudguy
steven.hosking.com.au/
mvp.microsoft.com/en-us/Publi...
github.com/onpremcloudguy
Adam Gross
/ adamgrosstx
www.asquaredozen.com
mvp.microsoft.com/en-us/Publi...
github.com/AdamGrossTX
Ben Reader
/ powers_hell
www.powers-hell.com/
github.com/tabs-not-spaces Visit our websites and social media for more or to get in touch with us

Пікірлер: 33

@danielcercel4580 4 жыл бұрын

Congratulation for the best MS Intune course:) I paid for a few, but those were very lite :) you should add this one to an e-learning platform :) your hard work deserves to be rewarded. This course helps me to plan and implement Intune for my company (1000+ employees world wide). Thanks a lot guys, you rock!

@IntuneTraining 4 жыл бұрын

Thank you for the comment. We are happy to keep providing our content free of charge. Putting it behind a pay-wall would prevent many people from seeing it and we believe that it's important for everyone to see the benefits of Intune. Thanks for watching!

@yashpreetricky 3 жыл бұрын

best content for intune on KZbin

@niranmanandhar8517 4 жыл бұрын

Very informative.

@atomicsparks6709 4 жыл бұрын

Deprecated Feature @7:00 - Conditional Access | Policies are all gone.... It appears they have baseline protection policies that are a legacy experience that is being Deprecated. If your tenant was created on or after October 22nd, 2019, it’s possible you are experiencing the new secure-by-default behavior and already have security defaults enabled in your tenant.

@SweDownhill 3 жыл бұрын

This series is fantastic! Some audio sync issues in this episode though, but that's alright.

@ggeter 4 жыл бұрын

This stuff is truly valuable. Thanks.

@sandy-oj2nm 4 жыл бұрын

Hey Adam, Just picking up from your conversation in the video, you were discussing that a user was asking in the forum that all his users device were automatically getting added into the intune portal. Was it their Windows Devices? And if it so i believe that unless we manually AAD join the device its not possible right?

@Relaxing_Rhythm 4 жыл бұрын

Hey Adam and Steve, I have a question regarding the conditional access. So, the scenerio is Admin want the user who are using the Exchange Active Sync to continue using that, but if any user wants to use Outlook, user would require to enroll the device. I have create a CA policy where I have UNCHECKED the exchange active sync client. So the policy should exclude that user who are using EAS. But as soon as the policy gets applied. The user who are using exchange active sync are also getting the prompt to enroll the device. How we can achieve the goal. "Without enrollment user who are using EAS will get access" and user who wish to use Outlook would get a prompt to enroll device.

@prequiltothesequwill 4 жыл бұрын

I don't seem to have any of the baseline conditional access policies. Is there a way to regenerate those policies?

@sinceredom22 4 жыл бұрын

14:26 mark - unclear. So are you saying that the devices you don't check, in the "Include" section, won't have access, even if you add them to the "Excluded" section? Doesn't the "Exclude" section platforms make them exempt from the Policy; thus allowing access from the platform selected in that section?

@DrewWarren 4 жыл бұрын

@Sincere Katrina you are so right!!! You are the only other person that I think understands this. Every CA discussion currently treats Conditional Access with traditional Windows security assuming that the default behavior is 'block'. This is not the case. While Microsoft does not want their customers doing 'Block All' policies, it's required in any sort of business. Like Katrina said, if you exclude from policy, they aren't denied access to the app, they are excluded from the policy all together. Not enough of the community are talking about this!

@geecoders554 3 жыл бұрын

Have u tried integrating gsuite to intune and then apply conditional access on it? Eg. conditional access for gmail

@sstechworld1804 4 жыл бұрын

User can have full access to one drive in the office premise. When they access from other networks it should be web only.

@sstechworld1804 4 жыл бұрын

its possible in conditional access policy

@usmans6446 3 жыл бұрын

Godsent channel! Could you dive deeper into Access Controls such as Session Controls?

@jueliang 4 жыл бұрын

Thank for for another super useful ep. I got a message in the Conditional Access when creating new policy advising Microsoft recommends enabling Security defaults. Can you do a video comparing the security policy with security defaults? Thanks.

@tony6626 3 жыл бұрын

@14:40 you mention about Android devices not getting access, i dont believe this is correct. You would need to create a specific Block policy to prevent Android from accessing the app, leaving it unticked means Android is whitelisted as the CA policy doesnt apply to it (you have configured the policy to apply for everything except Android). Please confirm.

@seanvucich8263 2 жыл бұрын

Thanks for these training sessions - One thing that might improve the play lists though - They are backwards, EG: Start playing from the end of a season and end at the beinning - At least for Season 1 anyway.

@IntuneTraining 2 жыл бұрын

Thanks. That’s all Jake’s fault. He’s hoping to fix them soon.

@IntuneTraining 2 жыл бұрын

Jake has fixed it now.

@seanvucich8263 2 жыл бұрын

@@IntuneTraining Thanks heaps - But mostly, thanks for the content :)

@wilsonking965 2 жыл бұрын

Can you please make a new updated video regarding this topic :)

@niranmanandhar8517 4 жыл бұрын

Can you guide me to the Episode where you have talked about One drive KFM

@IntuneTraining 4 жыл бұрын

You can search the channel for the topics you need. Here’s the OneDrive video Intune.Training - Episode 6 - Configuring Modern Roaming Profiles with Microsoft Intune kzbin.info/www/bejne/iavcgmyHfZhmabM

@sixshiers 4 жыл бұрын

Is there a way to run the "What If" scenario without turning on the policy? Seems scary to have to enable it in order to test it...

@affroking 4 жыл бұрын

If you create a policy and don't apply it to anyone it won't be in effect on a user, group or device until it's assigned

@DrewWarren 4 жыл бұрын

@@affroking if that were the case, the WhatIf would not work since the user is not affected. This is why Microsoft just released the Report-Only mode for CA. Works like a charm. Create the policy, assign it to a group, THEN run the What-If. It will show you what action would be taken if the policy were actually impacting authentication; multifactor, force compliance, etc.

@mattcauthen 4 жыл бұрын

All your videos are all fantastic resources. Please keep it coming! Can you guys talk any about iOS native mail app auto config with SSO? We’ve beat our head against the wall for 2 months! Is this done with conditional access and disabling MFA? We’re referring to configuration of this article : docs.microsoft.com/en-us/intune/email-settings-ios

@josephdenice731 3 жыл бұрын

I am in a similar boat. We are looking to block non-intune compliant devices from getting iOS native mail.