Back in August, Microsoft announced the preview of device-based policies for Azure AD Conditional Access. This new feature is supported in iOS, Android, Windows 10 Anniversary Update, Windows 7 and Windows 8.1. Today, they announced the general availability of this feature.
These policies help IT Admins stay in control of their organization’s data by restricting access to enterprise managed devices. Policies can be applied on a per-application basis to require that devices be managed by your company and be correctly configured. They work with all the applications that authenticate using Azure AD. That means Office 365, Azure and Microsoft CRM as well as all the apps in our app gallery, including thousands of apps like ServiceNow, Salesforce.com & Concur, plus on-premises applications published through the Azure AD Application Proxy.
Per-app access can be set on the following services:
- Microsoft Office 365 Exchange Online
- Microsoft Office 365 SharePoint Online
- Dynamics CRM
- Power BI
- All of the 2,700+ SaaS applications from the Azure AD application gallery
- On-premises apps registered with Azure AD Application Proxy
- LOB apps registered with Azure AD