- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-07-2026 06:09 AM - edited 05-07-2026 06:12 AM
Hello Palo Alto Community,
One of my customers previously used on-premises Active Directory and has now migrated to Microsoft Entra ID and Microsoft Intune.
All endpoints in the environment are Windows 11 computers.
They have a requirement to allow access to sensitive internal destinations through GlobalProtect only from Intune-compliant devices. Devices that are not compliant with Intune policies should be blocked from accessing these resources.
I would like to know whether this requirement can be achieved using HIP checks in GlobalProtect . Specifically, is there a way to validate Microsoft Intune device compliance status through HIP and use that information in security policies to allow or deny access ?
Has anyone implemented a similar setup with GlobalProtect , Entra ID, and Intune compliance-based access control ?
Any guidance, recommended approach, or reference documentation would be highly appreciated.
Thank you.