2 Replies

  • You can do this with Azure AD, Conditional Access and Intune (Microsoft Endpoint Manager). However, that is based on a decision to use the Microsoft stack for a lot of this. You can set up Conditional Access to require that the hardware be registered with MEM and you can implement other rules (MFA, specific locations, etc.). Azure AD is "free", but you need licensing from Microsoft to support Conditional Access/Identity Management (Azure AD Premium P1 or P2) and Intune/MEM licenses for each user. These licenses are included in some of the Office 365 packages, if you are interested in Office 365, Office, and/or Windows licensing. Assuming there is on-premise AD, you also need to synchronize the on-premise AD with Azure AD (Azure AD Connect).

    So, can it be done? Yes. Is there a cost? Yes.

  • We do have an Azure P1 subscription. I do use AD Sync for our on-prem DC.

    How do you stop the user from going directly to the cloud-based app and bypassing using a 365 account, as this is not required to log in to some of the apps?

    Does MCAS give you any extra abilities?

