Introducing the types of Conditional Access
There are different applications of Conditional Access, which we will discuss in this section, starting with device-based policies.
Device-based Conditional Access
With device-based Conditional Access, you can ensure that only devices that are managed and compliant can access the services provided by Microsoft 365, such as Exchange Online, Software as a Service (SaaS) apps, and even on-premises apps. It is also possible to set specific requirements; for instance, that computers must be hybrid Azure AD-joined or require an approved client app for enrolment in Intune to access services.
Device policies can be configured to ensure device compliance and give administrators visibility on the compliance status of devices that have been enrolled in Microsoft Intune. This compliance status is passed to Azure AD, which then triggers a Conditional Access policy when users attempt to access resources. The Conditional Access policy either allows...