With Windows 10, Microsoft has introduced an advanced protection system integrated with Windows Defender caller Windows Defender Advanced Threat Protection (WDATP) (see https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection to know more).

Now, with Intune you can also use Windows Defender ATP status to allow/deny access to resources.

To use Windows Defender ATP in your conditional access, go to your Azure ARM portal (https://portal.azure.com) and access your Intune\Device Compliance configuration blade


Access the policies blade and create a new compliance requirement as follow:

  • Name: name the new compliance rule as you wish; as usual make it understandable
  • Platform: Windows 10 or later
  • Settings
    • Device Health: edit the Require the device to be at or under the Device Threat Level option to match your requirements

The device threat levels are going from Secured (highest security level) to Low


Any Windows 10 devices with WDATP with a threat level higher than the one defined here will be denied to access the resources.