Using conditional access to restrict access based on compliance
There is one final step when using compliance policies. Although we have some non-compliance settings configured to lock mobile devices, for the most part we are only warning users that their device is not compliant, which does not stop them from using it. We do not want devices that fail our criteria (unencrypted devices, devices with active malware, and more) to access corporate data. For that, we need to set up a conditional access policy.
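As an added illustration (not taken from the original text), the same kind of policy can be defined through the Microsoft Graph PowerShell SDK. The policy name and the emergency-access group ID below are assumed placeholders, and the policy is created in report-only mode so that its effect can be reviewed before anything is blocked.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns
# Added example: create a "require compliant device" conditional access policy.

# Placeholder (assumption): object ID of a group containing emergency-access accounts.
# Excluding it keeps an administrator path open if compliance evaluation fails tenant-wide.
$BreakGlassGroupId = '00000000-0000-0000-0000-000000000000'
if ($BreakGlassGroupId -eq '00000000-0000-0000-0000-000000000000') {
    throw 'Set $BreakGlassGroupId to a real group object ID before running.'
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName   = 'EXAMPLE - Require compliant device'   # constructed name
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($BreakGlassGroupId)
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Access is granted only when Intune reports the device as compliant.
        builtInControls = @('compliantDevice')
    }
}

# Avoid creating a duplicate if a policy with this name already exists.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $policy.displayName }

if ($existing) {
    Write-Warning "Policy '$($policy.displayName)' already exists (Id: $($existing.Id))."
}
else {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object Id, DisplayName, State
}
```

After reviewing the report-only results in the Entra sign-in logs, change `state` to `enabled` to enforce the policy.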
Important note
This conditional access policy is just for restricting non-compliant devices. For full tenant security, you will need to deploy further policies. Common policies from Microsoft can be found at the following link: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-trust-identity-device-access-policies-common?view=o365-worldwide.
You can also use some pre-configured templates directly from Entra, as covered here: https://learn.microsoft...