Set up security and access from mobile devices

To secure the access to the WorkZone Mobile (New) app app's web services that are used by WorkZone Mobile (New) app, it is recommended to configure conditional access, which will only allow access from compliant mobile devices.

Prerequisite: Mobile devices must be managed by Intune and compliance policies must be configured and enabled on the devices.

Create a new policy

Click Azure Active Directory on the menu.
Under Security, click Protect > Conditional Access > Create new policy.
Type name of the policy into the Name field. For example, Check_for_device_Compliance.
Under Assignments, click Users and groups.
On the Include tab, click All users > Done. This ensures that all users will be checked.
Click Target resources and select Resources from the dropdown.
On the Include tab, click Select resources.
Click Select to expand the list of applications. Select the WorkZone Mobile (New) app app that you have created earlier.
Click Select.
Click Conditions > Device platforms > Yes to enable Configure.
Select Any device > Done. This ensures that all platforms will be checked.
Click Locations > Yes to enable Configure.
On the Include tab, click Any location > Done. This ensures that all locations will be checked.
Click Client apps > Yes to enable Configure.
Select the Browser, Mobile apps and desktop clients, Exchange ActiveSync clients and Other clients checkboxes.
Click Done.
Under Access controls, click Grant > Grant access.
Select the Require multi-factor authentication and Require device to be marked as compliant options.
In the For multiple controls section, select Require one of the selected controls.
Click Select.
Click On to enable the policy, and then Create. The created policy now appears as Enabled.

For more information about configuring conditional access policy, see Learn about Conditional Access and Intune Microsoft article.