How to Limit to Entry to O365 From Unsupported OS Like Ubuntu ,CentOS Utilizing Conditional Access

By | January 3, 2018

If you may be utilizing o365 providers ,you may hit requirement to dam unsupported OS (Ubuntu,CentOS etc) accessing o365 sources . There are couple of how that you may prohibit unsupported utilizing Azure Energetic Listing Conditional Access.

The solely gadgets which can be supported in the meanwhile are iOS,Android,Mac and Home windows. You may management these supported gadgets to guard the information with out being leaked with mixture of conditional entry and intune ,nevertheless these unsupported OS can’t be managed therefore you could block them to entry o365 sources. For extra details about conditional entry ,have offered the hyperlinks in reference part on the finish of this post.

For this requirement, we will use conditional entry to dam all supported OS however exclude the supported OS.

If you may be doing enrollment of gadgets (MDM for iOS,Android,windows (WIP) and Mac ) ,you may create Conditional entry coverage with collection of compliant and hybrid Azure AD Joined as proven under ,therefore you dont have to create prohibit coverage for different OS, however in case you are utilizing MAM-WE (without enrollment of devices) ,it’s good to create conditional coverage which we’re going to see now.

The under settings will enable you to to dam entry .If consumer is making an attempt to entry the o365 sources ,they want to qualify one of many management that we chosen .Ubuntu,CentOS and different unsupported OS can’t be compliant or hybrid azure AD be a part of for now..

Access control>Grant .

image

if no enrollment of gadgets (MAM-WE) ,then comply with the under steps to dam unsupported OS. For the supported OS to permit MAM-WE, you go as per your org policies.

1. Login to Azure Portal ,go to Intune blade (https://portal.azure.com/#blade/Microsoft_Intune_DeviceSettings/ExtensionLandingBlade/overview)

2.Click on Conditional Access,Policies ,New coverage (https://portal.azure.com/#blade/Microsoft_Intune_DeviceSettings/ExchangeConnectorMenu/aad/connectorType/2)

3. Give it a reputation one thing like Global-Block-UnSuppOS-AllApps

4. Assignments ,embody All Users

SNAGHTML4ef56a1

5. Cloud Apps ,embody All cloud Apps

image

6.Conditions ,Machine Platforms ,configure to sure ,embody all platforms (including unsupported)

image

7.While on identical web page ,click on on Exclude and choose supported OS that you have got currently

image

8. Click on on Carried out, Done

9.Access Management ,Grant ,choose Block ,click on on select

image

10. choose Allow coverage to Yes

image

11.Finally click on on Save to use the settings to all customers with block action.

References:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-faqs

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-best-practices

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-technical-reference


Please check this great service at: http://www.test-net.org/services/dns-lookup/ or visit FREE SERVICES menu

[Total: 0    Average: 0/5]