By Wayne Bennett – Sr Program Manager | Microsoft Endpoint Manager – Intune
Potential to block access to Intune
Example screenshot to register each device with Azure AD prior to getting access in a Conditional Access policy
Example screenshot of targeting All cloud apps in a Conditional Access policy
Blocking enrollment issue
Example screenshot of the “Help us keep your device secure” message
Prevent Intune enrollment from being blocked
There are two methods to keep the enrollment blocking scenario from occurring:
Method 2: Exclude cloud apps
Example screenshot of excluding “Microsoft Intune” and “Microsoft Intune Enrollment” from the Cloud apps or actions list
Changing your configuration using either of the suggested methods will prevent the Intune enrollment blocking scenario. Before you make any change, be sure to evaluate the settings so you don’t impact any existing Conditional Access requirements.
More info and feedback
For further resources on this subject, please see the links below.