What's conditional access?

Applies to: Intune in the Azure portal
Looking for documentation about Intune in the classic portal? Go here.

This topic describes Conditional access as it applies to Enterprise Mobility + Security (EMS), and follows that with Conditional access common scenarios when using Intune.

Enterprise Mobility + Security (EMS) Conditional Access is not a standalone product, it’s a solution that takes part on all services and products that are part of the EMS. It provides granular access control to keep your corporate data secure, while giving users an experience that allows them to do their best work from any device, and from any location.

You can define conditions that gate access to your corporate data based on location, device, user state, and application sensitivity.


Conditional Access also extends its capabilities to Office 365 services.

Conditional access architectural diagram

Conditional access with Intune

Intune adds mobile device compliance and app management policies to support the EMS Conditional Access solution.

Intune and conditional access when using EMS

Ways to use conditional access with Intune:

  • Device-based conditional access

    • Conditional access for Exchange on-premises

    • Conditional access based on network access control

    • Conditional access based on device risk

    • Conditional access for Windows PCs

      • Corporate-owned

      • Bring your own device (BYOD)

  • App-based conditional access

Next steps

Common ways to use conditional access with Intune