That's right! We've added Disk Encryption detection to our Conditional Access Policies!
Disk Encryption Condition for Conditional Access Policies
Many have been asking for more assertions around device posture when it comes to accessing corporate resources. In addition to restricting access to only corporate owned devices, we also want to assure those devices are secure with disk encryption. Now, as an administrator, you can block access to SSO applications or the User Portal from managed devices where disk encryption is disabled.
A few example usages:
- Block access to specific applications if encryption is not running.
- Block access to applications if the user is coming from a non-managed device or a managed device which is not running encryption.
- Allow access without MFA if the user is coming from a device which is encrypted, managed, and located within a trusted network.
Supported Resources
- SSO Applications
- User Portal
More Coming Soon
This is just a start. We are looking to add other device posture conditions such as OS Version, Anti-malware Running, Browser Version, and Firewall Running and more.
Read more about it in our Getting Started Guide for Conditional Access Policies.
