Action required: Check your Conditional Access policies!

Due to an incident (IT85607) while moving the Conditional Access policies from “Preview phase” to “general availability” in Azure Active Directory, the Conditional Access policies in Microsoft Intune might be disabled.

Since the Conditional Access settings in Microsoft Intune and Azure Active Directory are basically the same, you need to check that your Conditional Access policies are still configured correctly.

So go to either Microsoft Intune or Azure Active Directory to check whether your Conditional Access is still configured.

CA general available in Azure AD but disabled

CA disabled in Microsoft Intune

Follow these steps to verify the settings in Azure AD (steps provided in the incident portal):

  1. Log in to the Azure console as an Administrator
  2. Select Active Directory
  3. Select your directory
  4. Select Applications
  5. Select Office 365 SharePoint Online or Office 365 Exchange Online, depending on whether you had previously set up conditional access for these services. If you had set up conditional access for both services, choose one of them and then repeat for the other service.
  6. Select Configure
  7. Scroll to the “device based access rules” section
  8. Set Enable Access Rules to On
  9. Verify that the other settings are configured as expected
  10. If applicable, repeat this process for the other service (Office 365 SharePoint Online, Office 365 Exchange Online) starting at step 6.
  11. Verify that Conditional Access is being enforced by testing from a mobile device or PC

If you normally configure conditional access through the Intune console, use the following steps:

  1. Log in to Intune as an Administrator
  2. Click on the Policy button
  3. Select Conditional Access
  4. Select SharePoint Online Policy or Exchange Online Policy, depending on whether you had previously set up conditional access for these services. If you had set up conditional access for both services, choose one of them and then repeat for the other service.
  5. Select “Enable conditional access policy”
  6. Verify that the other settings are configured as expected
  7. If applicable, repeat this process for the other service (SharePoint Online Policy or Exchange Online Policy) starting at step 5.
  8. Verify that Conditional Access is being enforced by testing from a mobile device or PC

After changing the settings in either location, both should be the same:

CA configured again and same as Intune

CA configured again and same as AAD

Be sure to regularly check the health status of the Intune service via https://portal.office.com/adminportal/home#/servicestatus

Till next time!
