Integrating Compliance with Conditional Access
Start course

This course will provide you with a solid understanding of compliance policies and where they fit into Microsoft 365. You'll also have the chance to watch a guided demonstration showing you how to create a Compliance Policy in Microsoft Intune.

Learning Objectives

  • Learn the basics of compliance policies in Microsoft 365
  • Gain an understanding of Compliance Policy Settings and Device Compliance Policies
  • Learn how to integrate compliance policies and conditional access
  • Learn how to create a compliance policy in Endpoint Security within the Microsoft Endpoint Manager admin center

Intended Audience

This quick-hitting course is intended for those who wish to learn about using Compliance Policies in Microsoft 365.


To get the most out of this course, it would be beneficial to have a basic understanding of compliance in general, as well as some basic experience using Microsoft 365.


Welcome back.

As I mentioned earlier, you can integrate Compliance Policies with Conditional Access. This means that you can configure Conditional Access policies to rely on the results of the device compliance policies that you’ve created, to determine which devices can access corporate resources. This provides an additional layer of access control over and above the actions for noncompliance that you configure in the device compliance policies themselves.

As you might expect, a device that enrolls in Intune also gets registered in Azure Active Directory. The compliance status for such devices is then reported to Azure Active Directory. This being the case, if you’ve configured access controls within your Conditional Access policy to require devices to be marked as compliant, what will happen is that Conditional access will look at the compliance status of a device to determine whether or not access to email and other resources should be granted. This is the gist of how the integration works. Compliance policies determine if devices are compliant or not, and Conditional Access bases access decisions on that compliance status.

Now, as I also mentioned earlier in the course, if you want to integrate device compliance status with Conditional Access policies, you really want to ensure that you review the Mark devices with no compliance policy assigned as setting, which is found under Compliance policy settings. Ideally, you want to ensure that devices are marked as non-compliant if they haven’t yet had a compliance policy applied. This ensures that only devices that are truly compliant can access resources.

The table on your screen shows how the different non-compliant settings are managed when a compliance policy is used with a Conditional Access policy. If you look at this table, you’ll notice lots of “remediates” and “quarantined” notations. A status of remediated, in the context of this table, means that the device’s OS enforces compliance. A status of quarantined means that the device operating system DOES NOT enforce compliance. 

So, if a particular device isn't compliant, it gets blocked if there is a Conditional Access policy applied to the device’s user. The Company Portal app will then notify the user about the non-compliance.

So, that’s pretty much it in a nutshell. You can use Compliance Policies to determine which devices are compliant with corporate policies and which ones aren’t. You can then tell Conditional Access to rely on the compliance status of those devices, to determine which ones can access corporate resources, and which ones get blocked.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.