In our previous blog, we saw how to restrict CRM access by country or by IP address. At times, however, a company uses no operating system other than Windows and wants to block CRM access from every other operating system. This can be done using Conditional Access in the Azure Portal. The prerequisites are:
- A subscription to Azure Active Directory Premium.
- A federated Azure Active Directory tenant.
Once you have met the above requirements, follow the steps below to set up conditional access based on the operating system.
1. Log in to the Azure Portal.
2. In Services, search for Azure AD Conditional Access.
3. After creating a new location, click on Policies -> New Policy -> Create New Policy.
4. While creating a new policy, you can choose to block All Users, any number of particular users, or an Azure group.
5. In the next step, choose which cloud apps should be blocked. Here, you can select either all cloud apps or any number of specific cloud apps. In this case, I’m selecting Common Data Service (which will block out CRM access).
6. In the conditions, select the operating systems that you need to restrict access to. Since we are only allowing access to Windows-based machines, we will select all other platforms except Windows and Windows Phone. Select On in Enable Policy and click on Create.
7. Under Access control -> Grant, select Block access and click on Create.
8. After successful creation, a notification will be shown as follows –
9. Now, if a user tries to access our CRM from a macOS-based machine, an error message will be shown as below –
This is how we can restrict access to any or all of our global apps based on the operating system.
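The policy built in the steps above can also be written as a Microsoft Graph `conditionalAccessPolicy` body and checked for platform coverage before it is enabled. The following is an added example, not part of the original post: the display name is constructed, the application ID is a placeholder to look up in your tenant, and the `linux` platform is assumed to be offered but left unticked in variant A.

```python
import json

# Device platform values of the Microsoft Graph conditionalAccessDevicePlatform enum.
KNOWN_PLATFORMS = {"android", "iOS", "windows", "windowsPhone", "macOS", "linux"}
ALLOWED = {"windows", "windowsPhone"}  # platforms the post wants to keep working

# Placeholder: look up the Common Data Service application ID in your tenant.
CDS_APP_ID = "<common-data-service-app-id>"


def build_policy(include, exclude=()):
    """Return a conditionalAccessPolicy body that blocks the matched platforms."""
    return {
        "displayName": "Block CRM from non-Windows platforms",  # constructed name
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [CDS_APP_ID]},
            "platforms": {
                "includePlatforms": sorted(include),
                "excludePlatforms": sorted(exclude),
            },
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def blocked_platforms(policy):
    """Expand 'all' to the known platforms, then subtract the exclusions."""
    p = policy["conditions"]["platforms"]
    included = set(p["includePlatforms"])
    if "all" in included:
        included = set(KNOWN_PLATFORMS)
    return included - set(p["excludePlatforms"])


def audit(policy):
    """Return (wrongly_blocked, left_open) relative to the Windows-only intent."""
    blocked = blocked_platforms(policy)
    return sorted(blocked & ALLOWED), sorted(KNOWN_PLATFORMS - ALLOWED - blocked)


# Variant A: tick individual platforms as in step 6 (linux assumed not ticked).
ticked = build_policy(include={"android", "iOS", "macOS"})
# Variant B: include every platform, then exclude the Windows ones.
inverted = build_policy(include={"all"}, exclude=ALLOWED)

if __name__ == "__main__":
    print("ticked  :", audit(ticked))
    print("inverted:", audit(inverted))
    print(json.dumps(inverted, indent=2))
```

Variant A leaves any platform that was not ticked outside the block, while variant B covers platforms added to the list later. The printed JSON is the shape accepted by `POST /identity/conditionalAccess/policies` in Microsoft Graph.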