This guide shows administrators how to create an exemption from the device compliance check Conditional Access policy for the desired internal user.
Deployment of this Conditional Access Policy applies to organizations that have also had a Device Security or Device Management configuration package deployment.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: Identity Security
Domain: Device Protection Management
Modifies: Device Login Compliance Exclusions
Device Login Compliance Exclusion
- Navigate to Conditional Access Policies – Azure Active Directory, locate and select the Security Essentials: C13 – Internal User Device Compliance policy.
- A pop-up will be displayed containing all the configured settings being enforced by the policy. Locate and select the Users section, followed by the Exclude header. Under the Select Excluded Users and Groups option, select the hyperlink to generate the list of all current users or groups that are exempt. Do not modify any other settings listed; doing so could result in resources not being protected properly or a mass lockout scenario due to misconfiguration.
- From the list, select the desired User or Group specified by management. Use the provided text field to search for the user account or group name, then select the name in the generated list below. Once selected, it will be displayed in the Selected section. Finalize the user or group selection by hitting Select.
- Once the necessary exemptions have been made and the user or group appears in the list of Selected Excluded Users and Groups, select Save to finalize the Internal User Device Compliance exemption process.
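One way to check the result of the procedure above, as an added example (not Sittadel's or Microsoft's code): it compares a JSON export of the policy taken before the change with one taken after Save, and reports which exclusions were added and whether any other setting differs. Field names follow the Microsoft Graph conditionalAccessPolicy resource; the policy contents and object IDs are constructed sample data, and the function names are hypothetical.

```python
import copy

EXCLUSION_KEYS = ("excludeUsers", "excludeGroups")

def flatten(node, path=""):
    """Map each leaf of a policy export to a dotted path (conditions.users.excludeUsers)."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            out.update(flatten(value, f"{path}.{key}" if path else key))
        return out
    # ID lists become sorted tuples so reordering alone is not reported as a change.
    return {path: tuple(sorted(map(str, node))) if isinstance(node, list) else node}

def review_change(before, after):
    """Return exclusions added/removed plus every other setting that differs."""
    old, new = flatten(before), flatten(after)
    report = {"added": {}, "removed": {}, "unexpected": []}
    for path in sorted(set(old) | set(new)):
        a, b = old.get(path), new.get(path)
        if a == b:
            continue
        key = path.rsplit(".", 1)[-1]
        if path.startswith("conditions.users.") and key in EXCLUSION_KEYS:
            report["added"][key] = sorted(set(b or ()) - set(a or ()))
            report["removed"][key] = sorted(set(a or ()) - set(b or ()))
        else:
            report["unexpected"].append(path)
    return report

# Constructed sample data: trimmed policy export with placeholder object IDs.
BEFORE = {
    "displayName": "Security Essentials: C13 - Internal User Device Compliance",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"],
                  "excludeUsers": ["11111111-1111-1111-1111-111111111111"],
                  "excludeGroups": []},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]},
}
GOOD = copy.deepcopy(BEFORE)  # only the exclusion list changed
GOOD["conditions"]["users"]["excludeGroups"].append("22222222-2222-2222-2222-222222222222")
BAD = copy.deepcopy(GOOD)     # another setting was touched as well
BAD["state"] = "enabledForReportingOnly"

if __name__ == "__main__":
    print(review_change(BEFORE, GOOD))
    print(review_change(BEFORE, BAD))
```

An empty `unexpected` list means only the exclusion lists changed; any path listed there is a setting that should be restored before the change is accepted.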
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.