Conditional access is a feature of Azure Active Directory that enables administrators to enforce controls on the access to apps in their environment based on specific conditions. With controls, they can either tie additional requirements to the access or they can block it. Its policy-based approach simplifies the configuration experience because it follows the way admins think about access requirements. Conditional access is supported for devices running Android, iOS, Windows Phone and Windows.
Today, Microsoft announced that they are adding support for Apple macOS. Both Azure Active Directory and Intune now supports macOS for device-based conditional access. With this capability, IT Admins can restrict access to Intune-managed macOS devices using device-based conditional access according to their organization’s policies. In the preview phase, Microsoft is supporting the following features.
- Ensure macOS devices adhere to your organization’s compliance policies
- Enroll and manage macOS devices using Intune
- Restrict access to applications in Azure AD to only compliant macOS devices
This feature will be supported on Apple Macs running macOS 10.11 and above. Microsoft Enterprise Mobility + Security (EMS) is one of the fastest growing businesses inside Microsoft. During the last earning announcement, Microsoft highlighted that the number of EMS customers is growing 57% over the last year to more than 52k unique customers. This accounts for an install base of more than 50M licenses. Today’s announcement about support for macOS devices will attract more organizations to choose Microsoft EMS.
You can learn more about Microsoft EMS here.