Open oobedan opened 8 months ago
Thanks @oobedan (and apologies again for slow responses)
This definitely makes sense, and configuring a TLS endpoint that would switch successfully connected Entra joined devices to the authenticated network (domain firewall profile) does indeed provide a strong benefit in many cases.
That said, some of the settings are currently under development and may only be applicable for Windows Insider Preview. Our focus for the Blueprint is solely on features that have made it to General Availability.
We will continue to track this one as it makes its way through Microsoft's release process, and include it in the Blueprint in the future if it fits well at that time.
Thanks again
https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-networklistmanager#allowedtlsauthenticationendpoints
Mobile clients can determine if on CORP network or on public networks and invoke the right Windows Firewall policy (Domain, Private) etc. This is now supported and works on Entra Joined devices.