Next, configure the policy to require that only managed and compliant devices can access SharePoint Online. This policy will be will be stored in Azure Active Directory.
- In the Microsoft Intune administration console, click Policy > Conditional Access > SharePoint Online Policy.
- Select Enable conditional access policy for SharePoint Online.
- Under Device platforms, you can choose to apply conditional access policy to All platforms
- For windows PCs, the PC must either be domain joined, or enrolled with Intune and compliant. You can set the following requirements: Devices must be domain joined or compliant.
- Under Targeted Groups, click Modify to select the Azure Active Directory security groups to which the policy will apply. You can choose to target this to all users or just a select groups of users.
- Under Exempted Groups, optionally, click Modify to select the Azure Active Directory security groups that are exempt from this policy.
- When you are done, click Save.