This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 90%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Hi
Regarding Mobile phone enrolment in Intune.
We can set a conditional access policy in Azure for mobile that 'requires device to be compliant'
There are also compliance policies in Intune we can set.
My question is do we need both?
So If we dont have a conditional access policy that 'requires device to be compliant' but we do have intune compliance policies then does this suffice to ensure a device still needs to be compliant to enrol in Intune?
Do the two coexist or is it one or the other?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 84%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Basically compliance policies is enough to ensure a device to be compliant when enrolling in Intune. Speak more deeply, If you set Conditional Access Policy, Compliance Policy and Conditional Access Policy are mutually binding with each other. For example, when you use Conditional Access, you can configure your Conditional Access policies to use the results of your device compliance policies to determine which devices can access your organizational resources. This access control is in addition to and separate from the actions for noncompliance that you include in your device compliance policies.
When a device enrolls in Intune it registers in Azure AD. The compliance status for devices is reported to Azure AD. If your Conditional Access policies have Access controls set to Require device to be marked as compliant, Conditional access uses that compliance status to determine whether to grant or block access to email and other organization resources.
If you’ll use device compliance status with Conditional Access policies, review how your tenant has configured Mark devices with no compliance policy assigned as, which you manage under Compliance policy settings.
Reference: https://video2.skills-academy.com/en-us/mem/intune/protect/device-compliance-get-started
Thank you I understand :)
I appreciate you taking the time to respond