cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Enforce GlobalProtect Access Based on Microsoft Intune Compliance Status

Hello Palo Alto Community,

 

One of my customers previously used on-premises Active Directory and has now migrated to Microsoft Entra ID and Microsoft Intune.

 

All endpoints in the environment are Windows 11 computers.

 

They have a requirement to allow access to sensitive internal destinations through GlobalProtect only from Intune-compliant devices. Devices that are not compliant with Intune policies should be blocked from accessing these resources.

 

I would like to know whether this requirement can be achieved using HIP checks in GlobalProtect . Specifically, is there a way to validate Microsoft Intune device compliance status through HIP and use that information in security policies to allow or deny access ?

 

Has anyone implemented a similar setup with GlobalProtect , Entra ID, and Intune compliance-based access control ?

 

Any guidance, recommended approach, or reference documentation would be highly appreciated.

 

Thank you.

Who Me Too'd this topic