Microsoft Entra ID Integration with Splash Page Restrict by Device

amabt
Building a reputation

I got Microsoft Entra ID Integration with Splash Page working. However, we are looking at restricting the devices that can access via this Entra Auth.

I cannot see any option or mention of this in the docs. Is this possible currently, or do we need to look at the new Network Access Manager or go 3rd party?

Thanks.

RWelch
Kind of a big deal

If your infrastructure has the required hardware, you might consider Access Manager.

Access Manager Datasheet  

amabt
Building a reputation

Thanks. I was just reading up on that earlier; it looks like it'll do the job. The big question is whether that will be part of our EA licensing or whether it is cheaper to go with a 3rd-party cloud RADIUS.

PhilipDAth
Kind of a big deal

Typically, if you wanted to restrict which devices have access to an application in an Entra ID world, you would use a Conditional Access policy.

You can configure a "Named Location" and mark it as trusted.

In the "Grant" section you can also require that a device be compliant.

And then you can create an Intune compliance policy to define what you mean by that.

It is quite a lot of hassle if you don't have Entra ID conditional access in use, combined with Intune and compliance policies.

 

Cisco Duo makes this kind of thing easy with its Trusted Devices feature.  You can say things like "Every device in my AD or my Intune are trusted", and then you can add specific manual overrides for special cases (like contractors).

https://duo.com/docs/trusted-endpoints

 

amabt
Building a reputation

Thanks for your reply. Definitely a hassle and not very manageable.

GavinMcMenemy
Building a reputation

The other issue with doing this is that it's not uncommon for a device to go out of compliance for reasons that are out of a user's control. We've been looking into this one and we're not sure how viable it really is. But sure, it might work for the majority.
