Restricting Access to a Web Application Based on Device Compliance with Intune and Azure AD

Mohan s 20 Reputation points
2024-11-04T09:53:45.36+00:00

I am currently using Microsoft Intune to manage access to a third-party web application that has been registered as a web link app type. I have successfully added the application in Intune, and it appears in the Company Portal. However, users can share the link to the web application with others who do not have the Company Portal app installed, which allows access from non-compliant devices that I want to prevent.

Requirements:

  • Restrict access to the web application so that it can only be opened on devices compliant with our Intune policies.
  • Block users from opening the application on non-compliant devices, even if they have the link.

Steps Taken:

  1. Conditional Access Policies: Created a Conditional Access policy in Azure AD that requires devices to be compliant to access the application.
  2. Compliance Policies: Set up compliance policies in Intune to define the compliance criteria for devices.

Questions:

  1. What additional configurations or steps should be implemented to ensure that only compliant devices can access the web application and prevent link sharing?
  2. Are there specific Intune App Protection Policies that should be applied to further restrict access based on device compliance?

Any guidance or best practices on how to effectively enforce these restrictions would be greatly appreciated!


1 answer

  1. ZhoumingDuan-MSFT 14,870 Reputation points Microsoft Vendor
    2024-11-05T02:56:52.5566667+00:00

    @Mohan s, Thanks for posting in Q&A.

    From your description, I know you want to restrict access to a web application using Intune and have created Conditional Access Policies and Compliance Policies.

    As far as I know, a Conditional Access policy prevents access to a resource by blocking the target resource. From your description, devices that do not comply with the Conditional Access policy can still access the application. This may be because you configured the target resource incorrectly, so please check whether your target resource is correct.

    Here is a link about all the resources we can configure.

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps

    Also, please look through the sign-in log to see if the Conditional Access policy is working properly.

    https://learn.microsoft.com/en-us/entra/identity/monitoring-health/how-to-view-applied-conditional-access-policies

    Please check the above information. If there is any update, feel free to let me know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
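
The sign-in log check suggested in the answer can be scripted once the entries are exported as JSON. This is an added example, not part of the original thread or Microsoft's code; it assumes records that carry the Microsoft Graph signIn fields `appliedConditionalAccessPolicies` and `deviceDetail.isCompliant`, and the policy name, users and app name are constructed sample values.

```python
# Constructed sample sign-ins using field names from the Microsoft Graph
# signIn resource; users, app and policy names are made up for illustration.
POLICY = "Require compliant device"  # hypothetical policy display name

def rec(upn, app, compliant, result):
    """Build one constructed sign-in record with only the fields used below."""
    policies = [] if result is None else [{"displayName": POLICY, "result": result}]
    return {"userPrincipalName": upn, "appDisplayName": app,
            "deviceDetail": {"isCompliant": compliant},
            "appliedConditionalAccessPolicies": policies}

SAMPLE_SIGNINS = [
    rec("alice@contoso.example", "Vendor Portal", True, "success"),
    rec("bob@contoso.example", "Vendor Portal", False, "failure"),
    rec("carol@contoso.example", "Vendor Portal", False, "notApplied"),
    rec("dave@contoso.example", "Vendor Portal", False, "reportOnlyFailure"),
    rec("erin@contoso.example", "Vendor Portal", False, "success"),
]

def classify(signin, policy_name):
    """Say how the named policy treated one sign-in."""
    compliant = (signin.get("deviceDetail") or {}).get("isCompliant") is True
    applied = signin.get("appliedConditionalAccessPolicies") or []
    result = next((p.get("result") for p in applied
                   if p.get("displayName") == policy_name), "missing")
    if result == "failure":
        return "blocked"
    if result == "success":
        return "allowed-compliant" if compliant else "allowed-noncompliant"
    # notApplied, notEnabled, reportOnly* or missing: the policy did not enforce
    return "not-enforced:" + result

def audit(signins, policy_name):
    """Return (user, app, verdict) for sign-ins the policy failed to gate."""
    findings = []
    for s in signins:
        verdict = classify(s, policy_name)
        if verdict not in ("blocked", "allowed-compliant"):
            findings.append((s.get("userPrincipalName"), s.get("appDisplayName"), verdict))
    return findings

if __name__ == "__main__":
    for user, app, verdict in audit(SAMPLE_SIGNINS, POLICY):
        print(f"{user:28} {app:15} {verdict}")
```

A `not-enforced:notApplied` verdict for the application points at the target resource setting the answer mentions. If the application never appears in the sign-in log at all, it is not signing users in through Microsoft Entra ID, and Conditional Access has nothing to evaluate.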

