
    How to restrict access to O365 from unsupported OS like Ubuntu, CentOS using Conditional Access

    By Eswar Koneti | January 03, 11:15 pm | 2 Mins Read | Azure Active Directory

    If you are using O365 services, you might have a requirement to block unsupported OSes (Ubuntu, CentOS, etc.) from accessing O365 resources. There are a couple of ways to restrict unsupported OSes using Azure Active Directory Conditional Access.

    The only device platforms supported at the moment are iOS, Android, Mac and Windows. You can control these supported devices and protect data from leaking with a combination of Conditional Access and Intune; the unsupported OSes, however, cannot be managed, so you must block them from accessing O365 resources. For more information about Conditional Access, see the links in the References section at the end of this post.

    For this requirement, we can use Conditional Access to block all device platforms but exclude the supported OS.

    If you are enrolling devices (MDM for iOS, Android, Windows (WIP) and Mac), you can create a Conditional Access policy with the compliant and hybrid Azure AD joined controls selected, as shown below; in that case you don't need a separate restriction policy for other OSes. If you are using MAM-WE (without device enrollment), you need to create the Conditional Access policy that we are going to see now.

    The settings below will help you block access. A user trying to access O365 resources must satisfy one of the controls that we selected. Ubuntu, CentOS and other unsupported OSes cannot be compliant or hybrid Azure AD joined for now.

    Access control -> Grant.

    If there is no device enrollment (MAM-WE), follow the steps below to block unsupported OSes. To allow MAM-WE for the supported OSes, follow your org policies.

    1. Log in to the Azure Portal and go to the Intune blade (https://portal.azure.com/#blade/Microsoft_Intune_DeviceSettings/ExtensionLandingBlade/overview)

    2. Click on Conditional Access, Policies, New policy (https://portal.azure.com/#blade/Microsoft_Intune_DeviceSettings/ExchangeConnectorMenu/aad/connectorType/2)

    3. Give it a name, something like Global-Block-UnSuppOS-AllApps

    4. Assignments: include All Users

    5. Cloud Apps: include All cloud Apps

    6. Conditions, Device Platforms: set Configure to Yes and include all platforms (including unsupported)

    7. While on the same page, click on Exclude and select the supported OSes that you currently have

    8. Click on Done, Done

    9. Access Control, Grant: select Block, then click on Select

    10. Set Enable policy to ‘Yes’

    11. Finally, click on Save to apply the settings to all users with the block action.
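
The policy from steps 3 to 11, written as a Microsoft Graph conditionalAccessPolicy request body together with a local check of which platforms it blocks. This is an added example, not from the original post: `in_scope` and `decision` are a simplified, hypothetical model of the device platform condition, and the platform names in the sample loop are constructed inputs.

```python
import json

# Platform names follow the Microsoft Graph conditionalAccessDevicePlatform values.
SUPPORTED = ["android", "iOS", "windows", "macOS"]  # OSes the post lists as supported

def build_policy(name="Global-Block-UnSuppOS-AllApps", enabled=True):
    """Request body for POST /identity/conditionalAccess/policies."""
    return {
        "displayName": name,                                   # step 3
        "state": "enabled" if enabled else "disabled",         # step 10
        "conditions": {
            "users": {"includeUsers": ["All"]},                # step 4
            "applications": {"includeApplications": ["All"]},  # step 5
            # Not configured in the post; Graph requires the field.
            "clientAppTypes": ["all"],
            "platforms": {
                "includePlatforms": ["all"],                   # step 6
                "excludePlatforms": list(SUPPORTED),           # step 7
            },
        },
        "grantControls": {"operator": "OR",
                          "builtInControls": ["block"]},       # step 9
    }

def in_scope(policy, platform):
    """Simplified local model (assumption): an exclusion always wins;
    otherwise 'all' or an explicit include puts the platform in scope."""
    cond = policy["conditions"]["platforms"]
    name = platform.lower()
    if name in (x.lower() for x in cond.get("excludePlatforms", [])):
        return False
    included = [x.lower() for x in cond["includePlatforms"]]
    return "all" in included or name in included

def decision(policy, platform):
    """'block' when an enabled policy is in scope, else 'not applied'."""
    if policy["state"] == "enabled" and in_scope(policy, platform):
        return "block"
    return "not applied"

if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    # Constructed sample platforms; "linux" stands in for Ubuntu/CentOS.
    for plat in ["windows", "iOS", "android", "macOS", "linux", "unrecognized"]:
        print(f"{plat:13} -> {decision(policy, plat)}")
```

"not applied" means only that this block policy does not cover the platform; access from the supported OSes is still governed by whatever MDM or MAM-WE policies you have.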

     

    References:

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-faqs

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-best-practices

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-technical-reference

     
