Cloudflare Access can integrate with Azure AD’s Conditional Access feature to require that users connect to certain applications from managed devices. To enable this, you must integrate Azure AD with Cloudflare Access as a cloud app that requires managed device connections. You can then segment which Access applications require Azure AD with managed devices and which require only an Azure AD login.
Enforce Azure AD device posture in Access
(Optional) If you want to allow users to reach certain applications with only Azure AD logins, and no device requirement, repeat Step 1 to create another identity provider. You will need to maintain two distinct integrations: one integration will require device management and the other will only require Azure AD logins. We recommend giving each identity provider a distinct name, for example Azure AD (device posture) and Azure AD (login only).
In Azure AD, apply your Conditional Access policy to the Azure AD (device posture) integration.
You can now enable the Conditional Access policy for an Access application:
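The two-integration setup described above, as an added Terraform example that is not part of Cloudflare's documentation; it assumes the cloudflare provider v4 resource and attribute names (including conditional_access_enabled) and uses placeholder IDs, secrets and domains.

```hcl
# Added example (not Cloudflare's own code): two Azure AD IdPs, two Access apps.
# Assumes Terraform cloudflare provider v4 resource/attribute names (not on the
# page); Conditional Access is already attached in Azure AD to app registration 1.

# Integration 1: app registration covered by the managed-device Conditional Access policy.
resource "cloudflare_access_identity_provider" "azuread_device_posture" {
  account_id = "<account-id>"
  name       = "Azure AD (device posture)"
  type       = "azureAD"
  config {
    client_id                  = "<device-posture-app-client-id>"
    client_secret              = "<device-posture-app-client-secret>"
    directory_id               = "<azure-tenant-id>"
    support_groups             = true
    conditional_access_enabled = true # assumed attribute name
  }
}

# Integration 2: separate app registration with no Conditional Access policy.
resource "cloudflare_access_identity_provider" "azuread_login_only" {
  account_id = "<account-id>"
  name       = "Azure AD (login only)"
  type       = "azureAD"
  config {
    client_id      = "<login-only-app-client-id>"
    client_secret  = "<login-only-app-client-secret>"
    directory_id   = "<azure-tenant-id>"
    support_groups = true
  }
}

# Sensitive app: pin it to the device-posture IdP only, so a login-only session cannot reach it.
resource "cloudflare_access_application" "admin_portal" {
  account_id                = "<account-id>"
  name                      = "Admin portal"
  domain                    = "admin.example.com"
  type                      = "self_hosted"
  allowed_idps              = [cloudflare_access_identity_provider.azuread_device_posture.id]
  auto_redirect_to_identity = true
}

# Lower-risk app: a plain Azure AD login is sufficient.
resource "cloudflare_access_application" "wiki" {
  account_id   = "<account-id>"
  name         = "Internal wiki"
  domain       = "wiki.example.com"
  type         = "self_hosted"
  allowed_idps = [cloudflare_access_identity_provider.azuread_login_only.id]
}
```

Each application still needs a cloudflare_access_policy granting the intended users; restricting allowed_idps is what prevents a login-only session from satisfying the device-posture application.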