ASD's Blueprint for Secure Cloud

GRANT - iOS Device Access

This page describes the configuration of policies for conditional access within Microsoft Entra ID associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 3 minutes

Name

ItemValue
NameGRANT - iOS Device Access

Assignments

Users

ItemValue
IncludeAll users
Exclude
Guest or external usersNot checked
Directory rolesNot checked
Users and groupsgrp-Conditional_Access_Exclude

Target Resources

ItemValue
Select what this policy applies toCloud apps
IncludeSelect apps
SelectOffice 365
ExcludeNone
Select excluded cloud appsMicrosoft Intune

Conditions

ItemValue
User riskNot configured
Sign-in riskNot configured
Device platforms
Include
- AndroidNot checked
- iOSChecked
- Windows PhoneNot checked
- WindowsNot checked
- macOSNot checked
- LinuxNot checked
Exclude
- AndroidNot checked
- iOSNot checked
- Windows PhoneNot checked
- WindowsNot checked
- macOSNot checked
- LinuxNot checked
LocationsNot configured
Client apps
Select the client apps this policy will apply to
BrowserChecked
Mobile apps and desktop clientsChecked
Exchange ActiveSync clientsNot checked
Other clientsNot checked
Filter for devicesNot configured

Access Controls

Grant

ItemValue
Control access enforcement to block or grant accessGrant access
Require multifactor authenticationNot checked
Require authentication strengthNot checked
Require device to be marked as compliantChecked
Require Microsoft Entra hybrid joined deviceNot checked
Require approved client appNot checked
Require app protection policyNot checked
Require password changeNot checked
Acceptable Use PolicyNot checked
For multiple controlsRequire one of the selected controls

Session

ItemValue
Use app enforced restrictionsNot checked
Use Conditional Access App ControlNot checked
Sign-in frequencyNot checked
Persistent browser sessionNot checked
Customize continuous access evaluationNot checked
Disable resilience defaultsNot checked
Use Global Secure Access security profileNot checked

Enable policy

ItemValue
Enable policyOn

Security & Governance

Design

Configuration

  • None identified

References

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra