Applies To:
BIG-IP APM
- 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.5, 12.1.3, 11.6.3, 11.5.7
Configuring Azure Conditional Access
Configuring BIG-IP client certificate inspection
To configure BIG-IP client certificate inspection:
Configuring Azure AD conditional access policy
To configure your conditional access policy:
Marking the device as compliant in Azure AD
You can deploy a compliance policy to users in user groups or to devices in device groups. When a compliance policy is deployed to a user, all of the user's devices are checked for compliance. If a device doesn't have a compliance policy assigned, the device is considered not compliant. To become a managed device, a device must be marked as compliant.
To mark the device as compliant in Azure AD:
Adding conditional access to VPN profile
To add conditional access to a VPN profile using Intune:
Configuring custom XML in profile using Intune
F5 Access for Windows Desktop supports the following three authentication flows:
- Username
- Certificate only (no prompt for credentials)
- Username & certificate
These authentication flows can be configured through custom XML commands. You can enter custom XML commands that configure the VPN connection in the F5 Access profile using Intune.
The following example shows how a certificate is configured using custom XML.
<f5-vpn-conf>
    <prompt-for-credentials>false</prompt-for-credentials>
    <client-certificate>
        <issuer>Microsoft VPN root CA gen 1</issuer>
    </client-certificate>
</f5-vpn-conf>

Example of a custom XML command
Refer to Configuration Notes: F5 Access for Microsoft Windows 10 and Windows 10 Mobile for more information.
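A pre-deployment check for the custom XML described above, as an added example that is not F5's or Microsoft's code: it parses the XML and reports which of the three authentication flows it selects, plus any findings. It uses only the elements shown on this page; the function name `classify_flow`, the `expected_issuer` parameter, and treating a missing `<prompt-for-credentials>` as "prompt" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the certificate example from this page.
SAMPLE = """<f5-vpn-conf>
  <prompt-for-credentials>false</prompt-for-credentials>
  <client-certificate>
    <issuer>Microsoft VPN root CA gen 1</issuer>
  </client-certificate>
</f5-vpn-conf>"""


def classify_flow(xml_text, expected_issuer=None):
    """Return (flow, findings) for a custom XML string.

    flow is one of the three flows listed on the page, or None when the
    XML cannot be mapped to one. findings is a list of readable issues.
    """
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return None, [f"not well-formed XML: {exc}"]
    if root.tag != "f5-vpn-conf":
        return None, [f"unexpected root element <{root.tag}>"]

    # Assumption: a missing or empty <prompt-for-credentials> means "prompt".
    prompt_text = (root.findtext("prompt-for-credentials") or "true").strip().lower()
    if prompt_text not in ("true", "false"):
        findings.append(f"prompt-for-credentials is {prompt_text!r}, expected true or false")
        return None, findings
    prompt = prompt_text == "true"

    cert = root.find("client-certificate")
    if cert is not None:
        issuer = (cert.findtext("issuer") or "").strip()
        if not issuer:
            findings.append("client-certificate has no issuer value")
        elif expected_issuer and issuer != expected_issuer:
            findings.append(f"issuer {issuer!r} does not match {expected_issuer!r}")

    if cert is None and not prompt:
        findings.append("no prompt and no client certificate: no credential source")
        return None, findings
    if cert is None:
        return "Username", findings
    return ("Username & certificate" if prompt else "Certificate only"), findings
```

Pass `expected_issuer` with the issuer name of the CA you intend the profile to use, so a typo in the profile is caught before the XML is pushed through Intune.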
Accessing certificates
To access pre-defined certificates: