You'll have to create an additional policy for this. Instead, why not assign your first policy to All Users and Exclude the members of Group B in the assignment?
InTune lock app usage for users out of groups
Hi,
I have managed all Microsoft apps with Intune and created 2 "App protection policies" for iOS and Android BYOD devices (managed devices have their own policies).
1 policy limits things I need (like a required unlock PIN, etc.) and is assigned to AD group "A"
1 policy limits everything and wipes data almost immediately and is assigned to AD group "B"
I've created these policies and the idea is that if I have a problem with devices (stolen, etc.) of a user in group A I can move them to group B and know things will be deleted. (Yes, I will also use the "app selective wipe".)
My only problem now is that if a user (by mistake) is in neither AD group A nor B, they have free use of the apps because they don't have an assigned policy. Where is it that I can specify that any user not in group A or B, or who doesn't have a policy, can't use the apps with the company credentials?
Thanks,
James
2 answers
Jason Sandys 31,186 Reputation points Microsoft Employee
2020-09-09T21:03:42.867+00:00 -
Crystal-MSFT 45,656 Reputation points Microsoft Vendor
2020-09-10T01:41:00.683+00:00
@James, from your description, it seems we want to block the users not in group A or B from accessing the application. If there's any misunderstanding, please let us know.
For the app, if it is a cloud app, we can try to configure a Conditional Access policy to accomplish this. We can assign the policy to All Users and exclude groups A and B. We can see more details in the following link:
https://video2.skills-academy.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-users-groups
Select the cloud app, configure the conditions, and set Grant as "Block access":
https://video2.skills-academy.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant
Here is a link talking about the settings under a Conditional Access policy, we can refer to it:
https://video2.skills-academy.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies
Hope it can help.
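The Conditional Access approach from the answer above, as an added example that is not part of the original thread: it builds the Microsoft Graph `conditionalAccessPolicy` body (All Users, groups A and B excluded, grant set to block) and models locally which users it would catch. The group object IDs, the sample directory, the `Office365` app target and the function names are assumptions made for illustration.

```python
import json

# Placeholder object IDs (constructed); substitute the real Azure AD group IDs.
GROUP_A = "00000000-0000-0000-0000-00000000000a"
GROUP_B = "00000000-0000-0000-0000-00000000000b"


def build_block_policy(excluded_groups, apps=("Office365",), enforce=False):
    """Graph conditionalAccessPolicy body: block All Users except the given groups."""
    return {
        "displayName": "Block app access for users outside groups A and B",
        # Report-only first, so sign-in logs show who would be blocked.
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeGroups": list(excluded_groups)},
            "applications": {"includeApplications": list(apps)},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def would_block(policy, user_groups):
    """Local model of the user condition: an exclusion always wins over 'All'."""
    users = policy["conditions"]["users"]
    if set(user_groups) & set(users.get("excludeGroups", [])):
        return False
    in_scope = "All" in users.get("includeUsers", [])
    return in_scope and "block" in policy["grantControls"]["builtInControls"]


def unprotected_users(directory, policy):
    """Users the policy would block: those with no app protection group."""
    return sorted(u for u, groups in directory.items() if would_block(policy, groups))


# Constructed sample directory: user -> group object IDs.
SAMPLE_DIRECTORY = {
    "alice@example.com": [GROUP_A],
    "bob@example.com": [GROUP_B],
    "carol@example.com": [],          # in neither group: the gap from the question
    "dave@example.com": ["00000000-0000-0000-0000-00000000000c"],
}

if __name__ == "__main__":
    policy = build_block_policy([GROUP_A, GROUP_B])
    print(json.dumps(policy, indent=2))   # body for POST /identity/conditionalAccess/policies
    print("Would be blocked:", unprotected_users(SAMPLE_DIRECTORY, policy))
```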