Conditional access determines what should happen in the event a device fails a required device compliance check. Device compliance checks can be configured as:
- Not checked: Policy will not be checked
- Recommended: Policy will be checked; conditional access not enforced
- Required: Policy will be checked; conditional access setting enforced
The following conditional access modes are available:
Disabled
When the conditional access policy is set to Disabled, all defined policies are checked (required and recommended) and reported into the admin portal, but user workflows are not impacted as a result of the checks performed. Whether or not a device passes or fails the checks, the user can access and work within Venn. This setting is best used to initially gain an understanding into the health of your device ecosystem.
Strict
When the conditional access policy is set to Strict, users will only be able to access and work within Venn when their devices pass all required compliance checks.
- When a user is already logged in and their device goes out of compliance, a 3-minute warning popup window will appear, giving the user time to fix the issue. They will not be able to launch any additional apps during this time.
- If the user is logging in and their device does not pass all required compliance checks, they access Venn.