People regularly use their mobile devices for both personal and work tasks. While making sure staff can be productive, we also want to prevent data loss from potentially unsecure applications. With Conditional Access, we can restrict access to approved (modern authentication capable) client apps.
In order to leverage this grant control, Conditional Access requires that the device be registered in Azure Active Directory which requires the use of a broker app. The broker app can be the Microsoft Authenticator.
Approved Apps Required:
Microsoft Authenticator
Microsoft Outlook
Microsoft OneDrive
Microsoft Sharepoint
Microsoft Teams
Microsoft Edge
Optional:
Microsoft Word
Microsoft PowerPoint
Microsoft Excel
Microsoft Office
Microsoft Power Automate
Microsoft OneNote
Prerequisites
Pin Code - min 4 digit
Save Data - Onedrive & Sharepoint apps