Conditional Access based on OS versions available in Intune

IntuneA feature that was / is high on our wish list is the ability to block older OS versions. As from today this is publicly available in Intune. Like in Configuration Manager you are able to configure minimum and maximum versions of operating systems.

This way you are able to control exactly what kind of Operating Systems versions are supported for your environment. Whoho!

So if we go to the compliance policies and have a look at them you see that you are able to configure the minimum and maximum versions of Windows, Windows Phone, Windows 10 Mobile, Android and iOS based Operating Systems.

So if we test this with for instance an iOS device with the compliance settings as listed below, we should be able to block access of newer iOS versions. 😉 You are able to configure versions based on the following format (eg. 4.4.1 or 9.0.1).

Configure the minimum and maximum settings for your needs

When trying to enroll the device, which has iOS 9.2.1 installed, I receive a compliance error that I do not comply to the company standards.

Device blocked

Again a nice addition to the Microsoft Intune service!! If you want to have a voice on which feature needs to be in Intune, go to and add or vote on your needs!!



  1. I cannot find the section int he Intune Console where this setting would be configured. I look under “Policy -> Compliance Policies” and the only option I have is to create a new Compliance Policy. The policies I can create do not have those restrictions that you mention in this article. Any help is greatly appreciated. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Heads-up: Passport for Work support enabled by default

Next Post

Presenting a ConfigMgr and Intune Hands On Lab session at MMS

Related Posts