Released this week in Intune is location-based compliance. In other words, based on your location your device is marked as compliant or not, based on the location you get access to services in Azure or Office 365 or not.

A location can be based on the following IPv4 variables;

  • IPv4 Range (eg. 192.168.1.0/24)
  • IPv4 Gateway
  • IPv4 DHCP server
  • IPv4 DNS Servers
  • DNS suffixes

Configure the location information

Scenarios to think of is that the when the device leaves the premises the device is automatically marked as not compliant and access to corporate resources managed by Azure AD Conditional Access are blocked automatically. Another scenario could be when your devices are configured with a special APN (Access Point Name) to connect to your network.

I think a nice feature for kiosk devices or devices that are normally only used on premises, but can we compare it with something like geofencing based on GPS information? I don’t think so, when using it to check the connected Wi-Fi, the information listed above can easily duplicated in a lab environment that you manage your own.  But it is a great first step and I would suggest to use it always in combination with other compliance policy settings and other device configuration policy settings.

When a device is connected to the wrong Wi-Fi network the user will see the following information;

The administrator will see the following compliance information;

Currently this is only available for Android legacy MDM, hope there will be more soon because this is a very good start of something really nice 🙂

Comments