You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/configure-conditional-access.md
+5-7Lines changed: 5 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,28 +31,26 @@ This section guides you through all the steps you need to take to properly imple
31
31
## Before you begin
32
32
33
33
> [!WARNING]
34
-
> It's important to note that Microsoft Entra registered devices aren't supported in this scenario.</br>
35
-
> Only Intune enrolled devices are supported.
34
+
> It's important to note that Microsoft Entra registered devices aren't supported in this scenario. Only Intune enrolled devices are supported.
36
35
37
36
You need to make sure that all your devices are enrolled in Intune. You can use any of the following options to enroll devices in Intune:
38
37
39
38
- IT Admin: For more information on how to enable auto-enrollment, see [Windows Enrollment](/intune/windows-enroll#enable-windows-10-automatic-enrollment)
40
-
- End-user: For more information on how to enroll your Windows 10 and Windows 11 device in Intune, see [Enroll your Windows 10 device in Intune](/intune/quickstart-enroll-windows-device)
39
+
- Enduser: For more information on how to enroll your Windows 10 and Windows 11 device in Intune, see [Enroll your Windows 10 device in Intune](/intune/quickstart-enroll-windows-device)
41
40
- End-user alternative: For more information on joining a Microsoft Entra domain, see [How to: Plan your Microsoft Entra join implementation](/azure/active-directory/devices/azureadjoin-plan).
42
41
43
42
There are steps you'll need to take in the Microsoft Defender portal, the Intune portal, and Microsoft Entra admin center.
44
43
45
44
It's important to note the required roles to access these portals and implement Conditional access:
46
45
47
-
-**Microsoft Defender portal** - You'll need to sign into the portal with a Global Administrator role to turn on the integration.
46
+
-**Microsoft Defender portal** - You'll need to sign into the portal with an appropriate role to turn on integration. See [Permission options](user-roles.md#permission-options).
48
47
-**Intune** - You'll need to sign in to the portal with Security Administrator rights with management permissions.
49
-
-**Microsoft Entra admin center** - You'll need to sign in as a Global Administrator, Security Administrator, or Conditional Access administrator.
48
+
-**Microsoft Entra admin center** - You'll need to sign in as a Security Administrator or Conditional Access administrator.
50
49
51
50
> [!IMPORTANT]
52
51
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
53
52
54
-
> [!NOTE]
55
-
> You'll need a Microsoft Intune environment, with Intune managed and Microsoft Entra joined Windows 10 and Windows 11 devices.
53
+
You'll need a Microsoft Intune environment, with Intune managed and Microsoft Entra joined Windows 10 and Windows 11 devices.
56
54
57
55
Take the following steps to enable Conditional Access:
0 commit comments