Microsoft Adds Device Access Based on OS Versions in Intune
Microsoft has added the ability to block device access to company resources based on the version of the client operating system used in its Intune mobile device management solution.
This new Intune conditional access capability works across Windows, Windows Phone, iOS and Android OSes. It's currently just available as an extension to System Center 2012 R2 Configuration Manager Service Pack 1 when used with Intune.
Microsoft plans to add this blocking capability later to its so-called "standalone" Intune solution. Intune can be used by itself or integrated with System Center Configuration Manager.
IT pros have to enable the capability first. That's done through the "Extensions for Microsoft Intune node" of Configuration Manager. Next, they need to specify a compliance policy rule indicating the minimum or maximum accepted OS version numbers. After that's set, noncompliant devices will get blocked from accessing resources such as "Exchange, Exchange Online and SharePoint Online," according to Microsoft's announcement.
The new conditional access capability requires installing the latest System Center 2012 R2 Configuration Manager SP1 cumulative update. Also, Microsoft is requiring the installation of KB3106034.
In other Intune news, Microsoft extended conditional access controls for use with on-premises Exchange Servers. There will be an improved "quarantine" experience for end users that get blocked via the conditional access feature, Microsoft promised.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.