Configure Conditional Access Terms of Use

 

This step-by-step tutorial takes you through configuring Conditional Access Terms of Use via Intune / Endpoint Manager.

This is Part 4 of a 13 part series.

=====================================================================

Welcome to part 4 of my thirteen-part series of tutorials taking you step by step through configuring Microsoft Endpoint Manager / Intune, from initial DNS config up to Autopilot and application deployment. This series gives you all the knowledge you need to successfully deploy a basic Intune / Endpoint Manager environment.

Initial Tenant and Intune Configuration
1. Configure DNS and CNAME - Link 
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming - Link
3. Enable Conditional Access and MFA (Multi factor authentication) - Link
4. Configure Conditional Access Terms of Use - Link - This Tutorial
5. Company Terms and Conditions - Link 
6. User and Device Groups, and Device Categories - Link
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment - Link
7a. More information regarding options for configuring the MDM and MAM user scopes - Link 
8. Enrollment Status Page - Link
9. Enrollment Restrictions - Link
10. Deploying Microsoft 365 apps (Office apps) - Link
11. Enable Microsoft Store for Business and publish the Company Portal app - Link
12. Assign Company Portal app - Link 
13. Test autopilot via register online - Link

If you don't have a test environment for Intune / Endpoint Manager, just follow this guide on 
How to get a Free Developer Tenant with 25 x E5 licenses and a free Top Level domain name - Link

=====================================================================

Open the Azure AD portal - https://aad.portal.azure.com/ 

Select - Azure Active Directory



Scroll down and select - Security


Conditional Access


Terms of Use


New Terms


Enter the Name and Display Name of the Conditional Access Terms of Use


Use the folder icon to browse to, select and upload the Terms of Use document in PDF format, which end users will read.
Use the drop-down arrow to select the language.


Configure acceptance options as per business needs


Conditional Access - 
Use the drop-down to select.
Note - Choosing a custom policy will immediately apply the policy and may block users from accessing Cloud services.


Tip - 
Use the hover-mouse info icon to view details


As this is a test environment, I am selecting - Create conditional access policy later.
This can also be selected in Production to ensure proper planning and testing can be performed before associating with a conditional access policy.


Create - 

The newly created Terms of Use will appear.



If you would like to apply the conditional access Terms of Use, follow this article - Link 

====================================================================

Below is a quick run through of how to apply the Terms of Use to an existing Conditional Access Policy.
Note - Be very careful and test this thoroughly on a pilot group to ensure you don't lock clients out of cloud services.

Open the Azure AD portal - https://aad.portal.azure.com/ 

Select - Azure Active Directory



Scroll down and select - Security


Conditional Access


Here I am selecting an existing conditional access policy to link the Terms of Use to.

Select the Policy


Under the Grant section - Select the Controls selected


The currently configured controls will show.
Currently the only Control selected is - Require multi-factor authentication

Note that I do have the option to add the Terms of Use


Select the Terms of Use
Select - Require all of the selected controls
Click - Select



The Policy is now updated and shows 2 controls selected.
Save
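
A pre-flight check for the change made above, as an added example that is not part of the original tutorial. It assumes the policy has been exported in the JSON shape Microsoft Graph uses for a conditionalAccessPolicy (grantControls with operator, builtInControls and termsOfUse); the sample policy, its placeholder ID and the function name review_terms_of_use_policy are constructed for illustration.

```python
import json

# Constructed sample: one policy in the shape Microsoft Graph returns for a
# conditionalAccessPolicy. The ID and name are placeholders, not real objects.
SAMPLE_POLICY = json.loads("""
{
  "displayName": "Require MFA and Terms of Use (constructed sample)",
  "state": "enabled",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "includeGroups": [],
      "excludeUsers": [],
      "excludeGroups": []
    }
  },
  "grantControls": {
    "operator": "AND",
    "builtInControls": ["mfa"],
    "termsOfUse": ["00000000-0000-0000-0000-000000000000"]
  }
}
""")


def review_terms_of_use_policy(policy):
    """Return a list of findings for a policy that requires Terms of Use."""
    findings = []
    grant = policy.get("grantControls") or {}
    if not grant.get("termsOfUse"):
        return ["no Terms of Use attached to the grant controls"]
    # "Require all of the selected controls" is stored as operator AND.
    controls = len(grant["termsOfUse"]) + len(grant.get("builtInControls") or [])
    if controls > 1 and grant.get("operator") != "AND":
        findings.append("operator is not AND: Terms of Use can be skipped by satisfying another control")
    users = (policy.get("conditions") or {}).get("users") or {}
    if "All" in (users.get("includeUsers") or []):
        if not (users.get("excludeUsers") or users.get("excludeGroups")):
            findings.append("applies to all users with no exclusions: no pilot scope or emergency account")
    if policy.get("state") == "enabled":
        findings.append("policy is enabled: confirm pilot testing is complete")
    return findings


if __name__ == "__main__":
    for finding in review_terms_of_use_policy(SAMPLE_POLICY):
        print("-", finding)
```

An empty list means the policy requires every selected control, is scoped to something narrower than all users (or has exclusions), and is not yet enforced.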


===================================================================

User Experience

The user experience will vary depending on the options configured earlier.

After updating my conditional access policy, when a user visits the Office 365 portal - 
https://portal.office.com - they are prompted to read and accept the Terms of Use.

If you have configured that the user must read the Terms of Use, and they click Accept without reading them, they will receive this error.


To read the Terms of Use, the client clicks the arrow to load the PDF.


The PDF loads and the client reads the Terms of Use.
As this is just my developer tenant, I have uploaded the PDF of my RACQ movie tickets.  😂


The client then clicks Accept to accept the Terms of Use.


Once accepted, the client will be granted access to the Online resources as per the conditional access policy.


===============================================================

Check out all my tutorials - Link 




===============================================================

 

About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.

You can connect with Terry
LinkedIn - https://www.linkedin.com/in/terry-munro/
Facebook - @IntuneAdmin - https://www.facebook.com/IntuneAdmin/
Facebook Community Group - https://www.facebook.com/groups/intuneadmin/ 
GitHub Repository - https://github.com/TeamTerry
