Add support to NMM Intune CAP assignments based on user Azure role

We typically enable two Conditional Access Policies for users. 1 for general users where known public IPs are whitelisted from the MFA CAP, and 1 for users with an admin role to be prompted for MFA no matter their location.

Currently, NMM strips the Azure Roles in the parent cloned CAP. We tested building a CAP template with the Azure Roles included in the settings, but publishing to other tenants also strips the roles from the CAP. 

Comments (2 comments)

Gido Veekens

Hi Randy. You are right, for all policies we only use the settings aspect and strip out anything that could be tenant specific. I can see how it would be valuable for Conditional Access to keep the assigned built-in Entra roles, so I'm adding this to our backlog. Thanks for the suggestion!

Randy Lehman

Excellent. Thanks!
