Securing access to company resources is the most critical aspect for any organization and it becomes more critical when we are talking about cloud services like Azure. Microsoft has a couple of features or solutions available like Intune, System center configuration manager (SCCM), and Azure AD Conditional Access for companies to secure resources in both cloud as well as on-premise. Conditional Access is a feature of the Azure Active Directory platform that allows us to restrict access to applications and services based on a set of policies we apply. For example, we can allow access to resources based on the user’s device type, device status, location, etc.
Let us take an example to see it in action, here we will restrict users from accessing Dynamics 365 App from devices running on Android OS.
Login to Azure Portal with Admin credentials.
Browse to Azure Active Directory > Security > Conditional Access
Conditional Access needs an Enterprise Mobility + Security E5 or Azure AD Premium P2 license. Activate any of them.
Click on New Policy
Specify an appropriate name for the policy.
Users and groups, select Include All Users as we will applying the policy to all the users.
For Cloud app or actions, select Common Data Service app.
Which Conditions, specify Android as the Device Platforms.
In Access controls, for Grant select Block Access.
Click on Create to create the policy.
Set Enable policy On and save for applying the policy.
To test the policy, try accessing the Dynamics 365 App from the Web Browser on your Android device.
The users will not be able to access the app and will be presented with the below message.
The same will be the experience if the user tries to access the Microsoft CRM development with Dynamics 365 app through Dynamics 365 Mobile App on Android.
