Action required: Check your Conditional Access policies!

Due to an incident (IT85607) while moving the Conditional Access policies from “Preview phase” to “general availability” in Azure Active Directory, the Conditional Access policies in Microsoft Intune might be disabled.

Since the Intune and Azure AD policies are basically the same, you need to check that your Conditional Access policies are still configured correctly.

So go to either Microsoft Intune or Azure Active Directory to check whether your Conditional Access is still configured.

CA general available in Azure AD but disabled

CA disabled in Microsoft Intune

Follow these steps to verify the settings in Azure AD (steps provided in the incident portal):

  1. Log in to the Azure console as an Administrator
  2. Select Active Directory
  3. Select your directory
  4. Select Applications
  5. Select Office 365 SharePoint Online or Office 365 Exchange Online, depending on whether you had previously set up conditional access for these services. If you had set up conditional access for both services, choose one of them and then repeat for the other service.
  6. Select Configure
  7. Scroll to the “device based access rules” section
  8. Set Enable Access Rules to On
  9. Verify that the other settings are configured as expected
  10. If applicable, repeat this process for the other service (Office 365 SharePoint Online, Office 365 Exchange Online) starting at step 6.
  11. Verify that Conditional Access is being enforced by testing from a mobile device or PC

If you normally configure conditional access through the Intune Console, use the following steps:

  1. Log in to Intune as an Administrator
  2. Click on the Policy button
  3. Select Conditional Access
  4. Select SharePoint Online Policy or Exchange Online Policy, depending on whether you had previously set up conditional access for these services. If you had set up conditional access for both services, choose one of them and then repeat for the other service.
  5. Select “Enable conditional access policy”
  6. Verify that the other settings are configured as expected
  7. If applicable, repeat this process for the other service (SharePoint Online Policy or Exchange Online Policy) starting at step 5.
  8. Verify that Conditional Access is being enforced by testing from a mobile device or PC

After changing the settings in either location, both should be the same:

CA configured again and same as Intune

CA configured again and same as AAD

Be sure to regularly check the health status of the Intune service via https://portal.office.com/adminportal/home#/servicestatus

Till next time!
