| title | Conditional Access policies block access from noncompliant devices |
|---|---|
| author | brenduns |
| ms.topic | include |
| ms.date | 09/22/2025 |
| ms.custom | Intune-Secure-Recommendation |
If Microsoft Entra Conditional Access policies don't enforce device compliance, users can connect to corporate resources from devices that don't meet security standards. This exposes sensitive data to risks like malware, unauthorized access, and regulatory noncompliance. Without controls like encryption enforcement, device health checks, and access restrictions, threat actors can exploit noncompliant devices to bypass security measures and maintain persistence.
Requiring device compliance in Conditional Access policies ensures only trusted and secure devices can access corporate resources. This supports Zero Trust by enforcing access decisions based on device health and compliance posture.
Remediation action
Configure Conditional Access policies in Microsoft Entra to require device compliance before granting access to corporate resources:
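An added example, not part of the original page or of Microsoft's tooling: a small audit over an exported policy list that reports whether any Conditional Access policy actually enforces the compliant-device grant control. It assumes the export follows the Microsoft Graph `conditionalAccessPolicy` shape (`state`, `grantControls.operator`, `grantControls.builtInControls`); the sample policies and the function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like the "value" array that Microsoft Graph returns
# for GET /identity/conditionalAccess/policies. Display names are made up.
SAMPLE_EXPORT = json.loads("""
{"value": [
 {"displayName": "Require compliant device", "state": "enabled",
  "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]}},
 {"displayName": "MFA or compliant device", "state": "enabled",
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
 {"displayName": "Compliance pilot", "state": "enabledForReportingButNotEnforced",
  "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
 {"displayName": "Block legacy authentication", "state": "enabled",
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
 {"displayName": "Session controls only", "state": "enabled", "grantControls": null}
]}
""")

def classify(policy):
    """Describe how one policy treats device compliance.

    Simplification: only builtInControls is inspected; user/app scope,
    exclusions and non-built-in grant controls are not evaluated.
    """
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "compliantDevice" not in controls:
        return "none"
    state = policy.get("state")
    if state == "enabledForReportingButNotEnforced":
        return "report-only"      # logged, but access is not gated
    if state != "enabled":
        return "disabled"
    if grant.get("operator") == "OR" and len(controls) > 1:
        return "optional"         # another control can satisfy the policy
    return "enforced"

def audit(export):
    """Map each policy's displayName to its compliance classification."""
    return {p["displayName"]: classify(p) for p in export["value"]}

def tenant_enforces_compliance(export):
    """True only if at least one enabled policy strictly requires compliance."""
    return "enforced" in audit(export).values()

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_EXPORT).items():
        print(f"{verdict:12} {name}")
```

A policy classified as `optional` or `report-only` still lets a noncompliant device through, so neither satisfies the recommendation on its own.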
For more information, see: