At least one Conditional Access policy is configured with device compliance

Description

Device compliance conditional access policy can be used to require devices to be compliant with the tenant's security configuration.

How to fix

Create a conditional access policy that requires devices to have device compliance.

1. Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
2. Browse to Protection > Conditional Access > Policies.
3. Select New policy.
4. Give your policy a name.
5. Under Assignments, select Users or workload identities.
   • Under Target resources > Resources (formerly cloud apps) > Include, select All resources (formerly 'All cloud apps').
6. Under Access controls > Grant.
   • Select Require device to be marked as compliant and Require Microsoft Entra hybrid joined device
   • For multiple controls select Require one of the selected controls.
   • Select Select
7. Confirm your settings and set Enable policy to Enable
8. Select Create to create to enable your policy.

Use this template and customize it to exclude MFA so that only device compliance is applied Require a compliant device, Microsoft Entra hybrid joined device, or multi-factor authentication for all users.

Related links

• Entra admin center - Conditional Access | Policies
• Tenant App Management Policy - Microsoft Graph Reference