Microsoft Azure: Conditional Access: How would I enforce intune MDM but allow AVD RDP from personal devices?
So I had this idea that I thought would be possible but as I'm testing it seems not work. I wonder if anyone here has any ideas on getting this working?
Objective: I want to require Compliant device (thus requiring intune) from conditional access, but allow users on a list to optionally use their personal computers to connect to an AVD who is intune compliant already.
The Conditional Access policy in play is one against all users who requires 'all cloud apps' and 'all devices' to be compliant. In testing, when I attempt to sign into the Remote Desktop App with my targeted account I see the login comes from AppID: a85cf173-4192-42f8-81fa-777a763e6e2c "Azure Virtual Desktop" - however this isn't an option when I click on "Excluded Apps" in the conditional access policy.
Is it possible to exempt any conditional access policy based on the application ID being reported in the sign-in logs?
I wound up needing five different permissions:
- Azure Virtual Desktop: 9cdead84-a844-4324-93f2-b2e6bb768d07
- Azure Windows VM Sign-In: 372140e0-b3b7-4226-8ef9-d57986796201
- Microsoft Remote Desktop: a4a365df-50f1-4397-bc59-1a1564b8bb9c
- Windows Virtual Desktop AME: 5a0aa725-4958-4b0c-80a9-34562e23f3b7
- Windows Virtual Desktop Client: fa4345a4-a730-4230-84a8-7d9651b86739
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday
- Diagnostic setting not included in Azure Portal ARM template export
- How do I read the original pdf file in set indexer datasource in a custom WebApiSkill after enabling "Allow Skillset to read file data"
- How do I store vectors generated by AzureOpenAIEmbeddingSkill in indexer given my current setup
- Authenticating using the Azure CLI is only supported as a User (not a Service Principal)
- Azure Function App - frequent hang and deadlocks
- Sign Tool for Azure Trusted Service Account Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)
- How to convert the premium file share to premium block blob storage account or standard general purpose v2 storage account?
- How to generate an azure blob url with SAS signature in nodejs sdk v12?
- How to Assign Role to New User with Graph API
- Directory disappears from azure cloud shell (home)
- Application Insights Logging Exceptions as Trace
- Issue with Azure key vault and Azure storage account deployment
- AddDataProtection().PersistKeysToAzureBlobStorage().ProtectKeysWithAzureKeyVault() getting httpVerb Error while accessing the blob storage
- temporary_name_for_rotation must be specified when changing any of the following properties: pod_subnet_id
- Native Node.js Metrics in Application Insights
- Azure Key Vault Disabled public access, how to access it through the portal via internet
- Using Google.Cloud.BigQuery.V2 API in Azure Functions
- Azure Functions no job found (python)
- Azure Machine Learning - Online Endpoint Schedule/Cost management
- Is it possible to read File from same folder where Azure function exists
- Make WAF policy to only allow Azure Load Testing or Azure Services
- port 7071 is unavailable. Close the process using that port, or specify another port using --port [-p]
- Azure - RBAC to Management Group
- Why is AVD remove client's maximize to current display option grayed out?
- Azure get EID List with API
- Synchronise Azure files to blob store
- trigger logic app from Azure Service bus in sequance