Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.
The Microsoft Graph API currently does not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intunegraphoverview
780 votes
We’ll be wrapping up work soon, after making updates from feedback we’ve received so far. We should have a public date soon.
We have around 200 locations that use dynamic IP addresses that change frequently. We have the ability to pull the public IP addresses via REST API/PowerShell, but there is currently no way to update the Named Locations list programmatically. Without PowerShell, we are forced to manually dump the list to a CSV and upload the new file.
We would like to have the ability to add, remove, update Named Locations and entries in the IP Ranges of a Named Location.
173 votes
We’ve begun this work.
We use Airwatch for managing mobile devices. We want to use conditional access policies to ensure the device has been marked as compliant by Airwatch before allowing access to certain applications.
Currently Azure AD Conditional Access Policies only support Intune for checking device compliance as described @ https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-policy-connected-applications#trusted-devices. This should be extended to support 3rd party EMM solutions.
168 votes
Thanks for your feedback. Microsoft is currently working with third party MDM providers to enable this scenario. We will update this thread once we have more information to share.
I'd like to enforce enrollment for Corporate devices but not for Personal devices; for the same user account. So I can create Dynamics Device Groups but if I assign these groups to Conditional Access policies, it doesn't work.
34 votes
Show that Exchange ActiveSync is bypassed by Azure Conditional Access in Sign-In activity. It is currently very confusing to customers to see what policies are enforced for Exchange Online ActiveSync.
It should be easy to see that no Azure Conditional Access policies are applied to Exchange ActiveSync, Intune doesn't enforce company portal and that Exchange ActiveSync is not blocked on the Exchange Backend.
Microsoft Case for reference: "RE: [REG:118121325001709] ] Conditional access not applied"
Att.: Caleb and Dhanyah
/Peter Selch Dahl
15 votes
Many organizations would like to specify certain applications can only be accessed via corporate owned assets but would still like to take advantage of BYOD scenarios for other applications. To that end a differentiation of devices from BYOD and CYOD through to PC's would be great.
Also there should be a process to move devices between the two groups.
15 votes
Currently, named locations that are IP list based just sort the IPs in the order they are entered. This makes it very difficult to compare lists or find an IP that needs to be removed. Please either sort them automatically or give us a sort button.
1 vote
We’ve started this work. We hope to be able to share something with you really soon.