Intune Compliance and Entra Conditional Access

To safeguard Temple resources, Information Technology Services (ITS) is implementing Intune Compliance and Entra Conditional Access policies to prohibit access to Microsoft 365 resources from non-compliant Temple-managed Windows computers (not student or personal devices). A computer is non-compliant if it:

• no longer runs a supported operating system build, or
• has been inactive for 90 days.

In either case, the computer will not receive critical security updates, posing a significant security risk.

​​​​​​ Read more about Intune Compliance and Entra Conditional Access .

​​​​​​​Intune Compliance
​​​​​​​ ​​​​​​​This function determines whether or not a device is compliant based either on the installed Windows build or whether it has been inactive for 90 days:

Case 1: The device is running an outdated Windows build:
​​​​​​​ The device is flagged as non-compliant. Users will have a seven-day grace period to update the device. During this time, they will receive email reminders, as shown below:
​​​​​

Unless users update their device within this time period, access to Microsoft 365 resources will be prohibited . ​​​​​​​This includes access to Teams, OneDrive, and Exchange email (both desktop and web-based versions). Once the Windows build is updated, the device will be marked compliant within 30 minutes, and Microsoft 365 restrictions will be lifted.​​​​​​​​​​​​​​​​​​​​​

Case 2: Device is inactive for 90 days:
The device is flagged as non-compliant. Users will receive a non-compliance error (as shown below under Extra Conditional Access ) until the device is connected to the Internet. Access to Microsoft 365 resources will also be prohibited during this period. This includes access to Teams, OneDrive, and Exchange email (both desktop and web-based versions). The device becomes compliant after being connected to the Internet for a short amount of time.​​​​​​​

Entra Conditional Access
​​​​​​​ ​​​​​​​This function enforces restrictions on Microsoft 365 resources once Intune flags a device as being non-compliant. When attempting to access Microsoft 365 resources from a non-compliant device, users will receive the following error:

To determine the version of Windows you are running:

1. Press Windows key + R ( win + R ).
2. In the Run window, type winver and click OK .
3. The About Windows screen appears, which displays both the Version and OS Build information:
   
   

​​​​​​​​​​​​​​Compare your build version against the following Microsoft articles:

• Supported Windows 10 Builds
• Supported Windows 11 Builds

For assistance with evaluating/updating a non-complaint Windows computer, or if you have other questions, please contact the Technology Support Center at tuhelp.temple.edu (click Chat or Request Help) or call 215-204-8000 .