DV-01 · High · Enhanced Security

Require Compliant Devices for Admin Access

Conditional Access control for Microsoft 365 and Entra ID

Why This Control Matters

A compromised or unmanaged device can have keyloggers, malware, or screen capture tools. Requiring managed, compliant devices for admin access ensures that privileged actions occur from endpoints you control and monitor.

Expected State

When this control is compliant, your tenant should meet these criteria:

  1. A Conditional Access policy requires compliant or Entra hybrid-joined devices for admin portals
  2. Policy targets Microsoft Admin Portals app or specific admin URLs
  3. Unmanaged personal devices cannot access admin functions
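
The criteria above can be checked against Conditional Access policies exported from Microsoft Graph. The Python below is an added example, not TrueConfig's own code; the function names and sample policies are constructed for illustration, and user/role scoping and device filters are assumed to be reviewed separately.

```python
# Added example: evaluate exported Conditional Access policies against DV-01.
DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}  # compliant / hybrid-joined
ADMIN_PORTALS = "MicrosoftAdminPortals"  # Graph value for the Microsoft Admin Portals app


def check_policy(policy, extra_targets=()):
    """Return (ok, reason) for one conditionalAccessPolicy dict.

    extra_targets (hypothetical parameter): app IDs you treat as admin endpoints.
    """
    if policy.get("state") != "enabled":
        return False, "not enforced (disabled or report-only)"
    apps = (policy.get("conditions") or {}).get("applications") or {}
    targets = {ADMIN_PORTALS, "All", *extra_targets}
    if not targets & set(apps.get("includeApplications") or []):
        return False, "does not target admin portals"
    if ADMIN_PORTALS in (apps.get("excludeApplications") or []):
        return False, "admin portals excluded"
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if not controls & DEVICE_CONTROLS:
        return False, "no device requirement"
    # Under operator OR, any other control is an alternative that an
    # unmanaged device can satisfy, so the device requirement is optional.
    alternatives = (controls - DEVICE_CONTROLS) or grant.get("authenticationStrength") \
        or grant.get("termsOfUse") or grant.get("customAuthenticationFactors")
    if grant.get("operator") == "OR" and alternatives:
        return False, "device requirement bypassable via OR"
    return True, "requires managed device"


def tenant_compliant(policies, extra_targets=()):
    """DV-01 is met when at least one enforced policy passes check_policy."""
    return any(check_policy(p, extra_targets)[0] for p in policies)


def _policy(name, state, operator, controls, apps=(ADMIN_PORTALS,)):
    # Constructed sample data in the shape of Graph conditionalAccessPolicy objects.
    return {"displayName": name, "state": state,
            "conditions": {"applications": {"includeApplications": list(apps)}},
            "grantControls": {"operator": operator, "builtInControls": list(controls)}}


SAMPLES = [
    _policy("MFA or compliant", "enabled", "OR", ["mfa", "compliantDevice"]),
    _policy("Report-only", "enabledForReportingButNotEnforced", "OR", ["compliantDevice"]),
    _policy("Managed device", "enabled", "OR", ["compliantDevice", "domainJoinedDevice"]),
]
```

The first sample fails because "MFA or compliant device" lets an unmanaged device through with MFA alone; the second fails because report-only policies log results without enforcing them.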

Enforcement

Default Mode: Advisory

Alerts on deviations but does not make changes

Auto-Remediation: Available

Creates a Conditional Access policy requiring device compliance. PREREQUISITE: Intune must be configured first.

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.