Help Conditional Access

Where can I see if a device is compliant or non-compliant at Microsoft?

You can either browse Intune and go to the devices of a specific user, or you can check all devices in Entra ID.


The device is marked as N/A at Microsoft

That means the state has not been synced yet. Please double-check that there are no errors shown on the Conditional Access settings page and that there are no errors in the log.

The device is marked non-compliant at Microsoft, but the user can still access blocked apps

This can have multiple reasons:

  • Ensure your policy applies (i.e. the user sign-in log from Microsoft has a Conditional Access tab for further information).
  • Double-check whether the platform is linked with Relution and the correct user group is assigned.
  • If a user was already logged in, cached tokens might stay alive for up to two hours.
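The checks in the list above, applied to exported sign-in records, as an added example (not Relution or Microsoft code). The record fields follow the Microsoft Graph sign-in log (`conditionalAccessStatus`, `deviceDetail.isCompliant`, `createdDateTime`); the reason codes, function names and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta

# From the list above: cached tokens might stay alive for up to two hours.
TOKEN_CACHE_WINDOW = timedelta(hours=2)

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(sign_in, non_compliant_since):
    """Return a reason code (hypothetical labels) for one successful sign-in."""
    elapsed = parse_ts(sign_in["createdDateTime"]) - parse_ts(non_compliant_since)
    if elapsed < timedelta(0):
        return "before-state-change"   # sign-in predates the non-compliant state
    if sign_in.get("conditionalAccessStatus") == "notApplied":
        return "policy-not-applied"    # check policy scope, platform link, user group
    if sign_in.get("deviceDetail", {}).get("isCompliant") is None:
        return "state-not-synced"      # shown as N/A at Microsoft
    if elapsed <= TOKEN_CACHE_WINDOW:
        return "within-cache-window"   # re-check once the window has passed
    return "investigate"               # none of the listed reasons explains it

def triage_all(sign_ins, non_compliant_since):
    """Map each sign-in id to its reason code."""
    return {s["id"]: triage(s, non_compliant_since) for s in sign_ins}

# Constructed sample data: the time the device became non-compliant (assumed
# to be known from Relution) and five sign-ins that were not blocked.
NON_COMPLIANT_SINCE = "2024-05-01T10:00:00Z"
SAMPLE_SIGN_INS = [
    {"id": "a", "createdDateTime": "2024-05-01T09:30:00Z",
     "conditionalAccessStatus": "success", "deviceDetail": {"isCompliant": True}},
    {"id": "b", "createdDateTime": "2024-05-01T10:45:00Z",
     "conditionalAccessStatus": "notApplied", "deviceDetail": {"isCompliant": False}},
    {"id": "c", "createdDateTime": "2024-05-01T11:15:00Z",
     "conditionalAccessStatus": "success", "deviceDetail": {}},
    {"id": "d", "createdDateTime": "2024-05-01T11:30:00Z",
     "conditionalAccessStatus": "success", "deviceDetail": {"isCompliant": True}},
    {"id": "e", "createdDateTime": "2024-05-01T13:05:00Z",
     "conditionalAccessStatus": "success", "deviceDetail": {"isCompliant": False}},
]

if __name__ == "__main__":
    for sign_in_id, reason in triage_all(SAMPLE_SIGN_INS, NON_COMPLIANT_SINCE).items():
        print(sign_in_id, reason)
```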

The user can’t register his device due to being blocked by MSCA

  • Please double-check your policy. Currently, using All Cloud Apps will also block the user from registering. As of today, the needed Microsoft Broker App can’t be excluded.

The device is blocked as non-compliant.

Your device is marked as non-compliant and your admin blocked your access to use this. You can check the Relution Agent to see why your device is non-compliant. For further questions, please contact your admin.

If your state changes from non-compliant to compliant or vice versa, state updates usually get triggered within 1-2 minutes, but sometimes Microsoft caches values for up to 1 hour.

[Screenshots: Device Not Compliant, Agent Not Compliant, Agent Compliant]

The device is not registered.

This does not apply to Windows. Windows devices have to be Entra joined or joined via Autopilot. Entra registered Windows devices are currently not supported.

To be able to use Conditional Access with iOS, macOS or Android Enterprise, devices have to be additionally registered with Microsoft. You can achieve this by opening the Relution Agent. Within the device details you can connect your Entra ID account. This process will link your device correctly.

[Screenshots: Device Not Registered, Agent Not Connected, Agent Connected]

The user/device can’t be registered

If the registration does not work, this may be due to a faulty connection.

Various options are available here:

  • ‘Reset Connection’ via the Relution Agent Device information -> MSCA
  • Remove the device registration in the Authenticator app
  • Delete previous registrations with the Keychain Access app on macOS