James Parsons

Head of Modern Security

Microsoft have announced that they will be deprecating one of the conditions currently available in Conditional Access policies. The condition being removed is “Device State”, a setting that was still in preview.


This condition offered the ability to exclude Hybrid Azure AD joined and compliant devices from a policy. If you are currently using this condition and have not updated your policies by the time it is removed, you may find that policies which were previously bypassed for managed devices are now being triggered. This could have a major impact on your Conditional Access policies and on the end-user experience when accessing services within your tenant.

Do not worry: the same functionality can still be configured within conditions, but you will need to use “Filter for Devices”.


“Filter for Devices” provides more granularity than “Device State” could offer, so it also allows you to create very specific device conditions within your Conditional Access policies. One example we have seen is to capture the IDs of your administrators' devices and create a Conditional Access policy that only allows your administrator accounts to connect from those devices (excluding your break glass account, of course).
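To make both uses concrete, here is an added example (not code from the original post) that creates the two policies through Microsoft Graph PowerShell. The first replicates what “Device State” did by excluding compliant or Hybrid Azure AD joined devices from an MFA requirement; the second blocks administrator sign-ins from anything other than a known list of device IDs. It assumes the Microsoft.Graph module is installed and that the signed-in account holds Conditional Access administrator rights; the policy names, group ID, role ID and device IDs are placeholders you must replace with your own values.

```powershell
# Added example, not from the original post. Requires the Microsoft.Graph module
# and Conditional Access admin rights. All GUIDs and names below are placeholders.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# 1. Equivalent of "Device state: exclude Hybrid Azure AD joined and compliant devices".
#    trustType "ServerAD" is the filter value for Hybrid Azure AD joined;
#    isCompliant is the compliance status reported by Intune.
$deviceStateEquivalent = 'device.isCompliant -eq True -or device.trustType -eq "ServerAD"'

$mfaUnlessManaged = @{
    displayName   = "Require MFA unless device is managed (placeholder)"
    # Start in report-only mode and review sign-in logs before enforcing,
    # so a mistake in the filter does not lock users out.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{
            includeUsers  = @("All")
            excludeGroups = @("<break-glass-group-object-id>")   # placeholder
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        devices        = @{
            deviceFilter = @{
                mode = "exclude"               # devices matching the rule are NOT subject to the policy
                rule = $deviceStateEquivalent
            }
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaUnlessManaged

# 2. Only allow administrator accounts to sign in from a known set of devices.
#    The policy blocks access, and the filter excludes (i.e. exempts) the listed
#    device IDs, so every other device is blocked. Unregistered devices carry no
#    device attributes, so they never match the rule and are blocked as well.
$adminDeviceIds = @(
    "<admin-device-id-1>",   # placeholder device IDs taken from Azure AD > Devices
    "<admin-device-id-2>"
)
$deviceList = ($adminDeviceIds | ForEach-Object { '"{0}"' -f $_ }) -join ","
$adminDeviceRule = "device.deviceId -in [$deviceList]"

$adminsFromKnownDevices = @{
    displayName   = "Block admin sign-in from unknown devices (placeholder)"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{
            includeRoles  = @("<admin-role-template-id>")        # placeholder directory role ID
            excludeGroups = @("<break-glass-group-object-id>")   # placeholder, as the post advises
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        devices        = @{
            deviceFilter = @{
                mode = "exclude"
                rule = $adminDeviceRule
            }
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $adminsFromKnownDevices
```

Both policies are created in report-only mode on purpose: check the Conditional Access report-only results in the sign-in logs (or the What If tool) for the accounts and devices you expect to be exempted, and only then switch `state` to `enabled`. Keep the break glass exclusion on the blocking policy, because a typo in a device ID would otherwise lock every administrator out.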

Originally published December 13, 2021; updated December 13, 2021
