Intune - Enroll AD Devices with Outlook access on Conditional Access

Please follow the steps below to enroll AD devices into Intune and to have access to Outlook while conditional access policy is active:

License Assigned: M365 E5

- Create a dynamic device group, condition value: _ -contains "[ZTDId]

​
This translates to: When device is registered in Azure AD with a serial number, add to this device group.

- Create Autopilot Device Configuration Profile and assign it to dynamic device group

​
- Machine joined to AD
- HWID Imported into Intune Portal (Endpoint Mgr -->Devices --> Windows --> Under Windows Autopilot Deployment Program - Devices

​

- AD user logged in, added Comp Portal, connected to Intune through Comp Portal
- MSI/LOB apps installed as expected
- Store apps available as expected
- Outlook works as expected