How to deal with different access policies to SAP apps regarding managed/unmanaged devices?

[pmeuser]

What I am missing a little bit in this article: I have several requests to allow access to some SAP apps behind IAS by unmanaged devices, while others - especially privileged admin access - should require compliant devices. How can this be achieved using AAD CA policies, when IAS is only visible as a single enterprise app?

Any clarification is much appreciated!

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 3004d0b0-fade-8668-790a-7211ecdfa789
• Version Independent ID: 6a3b9340-22ae-83c1-01c5-5830ee72b585
• Content: Scenario - Using Azure Active Directory to secure access to SAP platforms and applications
• Content Source: articles/active-directory/fundamentals/scenario-azure-first-sap-identity-integration.md
• Service: active-directory
• Sub-service: fundamentals
• GitHub Login: @xstof
• Microsoft Alias: christoc

[JamesTran-MSFT]

@pmeuser Thanks for your feedback! We will investigate and update as appropriate.

[JamesTran-MSFT]

@pmeuser Thank you for your time and patience throughout this issue.

Since this issue isn't directly related to improving our docs, and to gain a better understanding of your issue, I'd recommend working closer with our support team via an Azure support request. Or you can leverage our Q&A forum by posting your issue there so our community, and MVPs can further assist you in troubleshooting this issue or finding potential workarounds.