World events since March 2020 have highlighted one of the key benefits of Office 365 and cloud-based SaaS services in general: they are available any time, any place, on any device. As the world was forced to work from home, Office 365 apps such as Teams, Outlook, SharePoint, and OneDrive could easily be accessed outside the traditional company network, and even on non-company devices. In fact, most Office 365 and Microsoft 365 subscriptions license users to install and use the apps on up to five devices.

One of your primary concerns as a result may be data loss prevention. For example, by default a user can authenticate to their corporate OneDrive or mailbox from a personal device with no limit on their ability to synchronize every file and email hosted in that service. What happens to those local copies of the data when that user leaves the organization?

Azure Active Directory Conditional Access can put administrators back in control. Part of the Azure Active Directory Premium P1 license, Conditional Access lets you define the conditions under which a user is granted or blocked access to Azure AD resources. Even when access is granted, you can require additional measures, such as completing a multi-factor authentication (MFA) prompt, or limit how long the session lasts before the user must sign in again.

How Conditional Access identifies corporate devices

In our scenario, we'll use Conditional Access to allow users to sign in to Office 365 only from corporate devices. We do this based on the device state.

Although there is no device state called "corporate device" in Conditional Access, we can identify two things about a device and infer from them that the device is corporately owned:

Hybrid Azure AD joined refers to a state where a device is joined to your on-premises Active Directory, but is also synchronized to and joined to the cloud-based Azure AD. We've covered how to get your devices into this state here. This is only suitable for Windows devices. In the screenshot below, you can see how Azure AD reports back the hybrid Azure AD join type.

Strictly speaking, the correct term for a device in either of these states is a managed device. This means an IT administrator has some level of control over that device, such as the ability to apply and enforce settings from either Group Policy or Intune. Devices in neither state are regarded as unmanaged. Assuming we have limited the ability to enroll in Intune to corporate devices only, we can reasonably use the terms managed and corporate interchangeably.

An important point to note is that Azure AD may prompt some platforms and browsers for certificate information if a device-state-based Conditional Access policy is used. The prompt is for the device certificate created when the device was registered, which is how the browser proves the device identity to Azure AD, so the user should accept it. This typically affects non-Microsoft platforms, such as Apple and Google devices.
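The policy described above can be created with the Microsoft Graph PowerShell SDK rather than clicked through in the portal. The following is an added example written for this page, not code from the original article: it creates an Office 365 policy whose grant control is "hybrid Azure AD joined OR compliant device" and then queries how Azure AD reports a device's join type and compliance state. It assumes the Microsoft.Graph module is installed, that the signed-in account holds the listed Graph scopes, that the break-glass account ID and the device name `LAPTOP-01` are placeholders you replace, and that the second device state you pair with hybrid join is Intune compliance (the `compliantDevice` control); starting the policy in report-only mode is this example's choice, so you can review the sign-in log for users who would be blocked before enforcing it.

```powershell
# Added example, not from the original article.
# Creates a Conditional Access policy that allows Office 365 only from
# hybrid Azure AD joined OR compliant (Intune-managed) devices, then shows
# how Azure AD itself reports a device's join type and compliance.
# Assumptions: Microsoft.Graph module installed; scopes below granted;
# $breakGlassId and 'LAPTOP-01' are placeholders.

Connect-MgGraph -Scopes 'Policy.Read.All','Policy.ReadWrite.ConditionalAccess','Directory.Read.All'

# Placeholder: object ID of your emergency-access account. Always exclude it,
# otherwise a device-registration problem can lock every admin out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Office 365: require hybrid joined or compliant device'
    # Report-only first: sign-in logs show who WOULD be blocked, nobody is
    # actually denied. Switch to 'enabled' once the results look right.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications = @{
            # 'Office365' is the built-in app group covering the Office 365 services
            includeApplications = @('Office365')
        }
        clientAppTypes = @('browser', 'mobileAppsAndDesktopClients')
    }
    grantControls = @{
        # OR: satisfying either control grants access. This is the article's
        # inference: hybrid joined OR managed/compliant means "corporate".
        # A device in neither state is unmanaged and gets blocked.
        operator        = 'OR'
        builtInControls = @('domainJoinedDevice', 'compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# How Azure AD reports the device state the policy evaluates:
#   TrustType 'ServerAd'  = Hybrid Azure AD joined (the join type in the screenshot)
#   TrustType 'AzureAd'   = Azure AD joined
#   TrustType 'Workplace' = Azure AD registered (typically BYOD)
# IsCompliant reflects the Intune compliance evaluation; IsManaged that an MDM manages it.
Get-MgDevice -Filter "displayName eq 'LAPTOP-01'" |
    Select-Object DisplayName, OperatingSystem, TrustType, IsCompliant, IsManaged
```

`domainJoinedDevice` is the Graph name for the "Require Hybrid Azure AD joined device" control in the portal. Because the operator is `OR`, a Windows device that is hybrid joined passes even if it is not Intune-enrolled, and a macOS or mobile device passes only if Intune reports it compliant, which is why the certificate prompt mentioned above matters on those platforms.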