Microsoft describes Microsoft Entra Conditional Access policies as if-then statements: if a user wants to access a resource, then certain controls must be satisfied. A Conditional Access policy combines assignments and access controls to enforce organizational requirements.
Among the configurable conditions in a policy is Device platforms. The documentation explains that Conditional Access identifies the device platform (Android, iOS, Windows, macOS, Linux) from the user agent and notes that this condition is typically used with grant controls such as block access or in combination with other controls. This allows administrators to block or allow access based specifically on the operating system of the user’s device.
For scoping, the Users and groups assignment lets you include or exclude groups instead of individual users. Microsoft’s Entra groups overview states that you can create a Conditional Access policy that applies to a group and that Entra supports both security groups and Microsoft 365 groups. A separate architecture article notes that either a security group or a Microsoft 365 group can be used in Conditional Access policies.
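The three pieces described above (an if-then policy, the Device platforms condition, and group scoping) combined into one policy with Microsoft Graph PowerShell. This is an added example, not part of the original page. The group ID is a placeholder, and the choice of Android, the display name, and the report-only state are assumptions for illustration.

```powershell
# Added example: block one device platform for one group.
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholder (assumption): object ID of a security group or Microsoft 365 group.
$groupId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'EXAMPLE - Block Android for scoped group'
    # Report-only: the policy is evaluated and logged in sign-in logs but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        # "If": a member of this group ...
        users          = @{ includeGroups = @($groupId) }
        # ... accesses any cloud app ...
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        # ... from this device platform (identified from the user agent).
        platforms      = @{ includePlatforms = @('android') }
    }
    # "Then": the grant control is block access.
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm the scope before switching state to 'enabled'.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'Groups';    e = { $_.Conditions.Users.IncludeGroups } },
        @{ n = 'Platforms'; e = { $_.Conditions.Platforms.IncludePlatforms } },
        @{ n = 'Grant';     e = { $_.GrantControls.BuiltInControls } }
```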