Microsoft Adding 'Conditional Access' to Intune with March Update

The latest update to Microsoft Intune will include new capabilities related to mobile device management (MDM).

Microsoft will roll out this month's Intune update between March 4 and March 7, although the exact timing will depend on a user's area-dependent "service instance." For instance, users in the North America region will get the update on March 6, according to Microsoft's Intune status page.

The updates apply mostly to the "standalone Intune" service, by which Microsoft means Intune unattached to System Center Configuration Manager. It's possible to connect the two device management applications via a Microsoft connector solution, but it seems that not all of the mobile device management capabilities work in conjunction quite yet. Microsoft's announcement of the March Intune improvements, though, claims that such "hybrid" integration is a "top priority" at the company.

"Delivering new features to our hybrid customers using System Center Configuration Manager integrated with Intune remains a top priority for our team, and you can expect additional hybrid features to be made available soon," the announcement stated. 

As an example, this March Intune update includes the ability for hybrid users to "create custom Wi-Fi profiles with preshared keys (PSK) for Android devices."

Most of the March Intune management improvements are for Apple iOS or Android devices. However, Microsoft did add the "ability to deploy .APPX files to Windows Phone devices." That's a way of distributing applications for those devices through a portal page or the Windows Store via an app packaging process.

On the Apple iOS side, Microsoft made it easier to enroll devices purchased from Apple or an Apple-authorized reseller, according to its announcement. For both iOS and Android devices, Microsoft now enables the use of Intune to manage OneDrive apps.

Microsoft's announcement also indicated that the March update will make it easier for organizations to restrict access to OneDrive for Business and SharePoint Online services based on "device enrollment and compliance policies" set by IT departments. Microsoft describes this approach as setting "conditional access," as described in this blog post.

Setting conditional access to OneDrive for Business and SharePoint Online services is an important feature for organizations to have if they are migrating users to Office 365 services, according to Microsoft. Organizations can define a device compliance policy, which Azure Active Directory then uses to check whether a device is managed and compliant before enabling access to those services. This conditional access scheme requires that a "workplace join" operation take place with the device first, according to a Microsoft TechNet library article. The phrase "workplace join" refers to Microsoft's technology for establishing trust with non-domain-joined devices, which is typically associated with the Windows Server 2012 R2 product.

The March Intune update also includes the ability for IT pros to "restrict the number of devices a user can enroll in Intune."

As of last month, Microsoft has kicked off a new policy with regard to its Intune updates. Going forward, all Intune updates will be released on a monthly basis.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

