Registering the MaaS360 app in the Azure AD tenant

To use the Azure AD capabilities, register your application in an Azure AD tenant.

Before you begin

Make sure that you have at least one user in your Azure AD organization who is assigned the Global Administrator role. For more information about this role, see https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator.

About this task

If you previously registered the MaaS360 app, use the following steps to modify the app configuration.

Procedure

  1. Sign in to the Microsoft Azure portal.
  2. On the home page, enter App registrations in the search bar.
  3. Select App registrations in the search results and click New registration.
  4. On the Register an application page, provide the following application registration details:
    1. In the Name section, provide the display name of the application.
    2. In the Supported account types section, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
    3. In the Redirect URI (optional) section, select Web as the platform and then provide the following redirect URI: https://login.live.com/oauth20_desktop.srf.
    4. Click Register.
  5. Open the registered application and click the Redirect URIs link. This link opens the Platform configurations page where you can configure other URIs to support different authentication request modes.
  6. Click Add a platform and select iOS / macOS. In the Configure your iOS or macOS app window, add the following details.
    1. In the Bundle ID section, add com.fiberlink.maas360forios.
    2. Click Configure, and then click Done.
    3. In the iOS / macOS tile, click Add URI and add com.fiberlink.secureeditor.
    4. Click Save.
  7. Click Add a platform and then select Android. In the Configure your Android app window, add the following details.
    1. In the Package name section, enter com.fiberlink.maas360.android.control.
    2. In the Signature hash section, enter CmEXJHMZd6jmCFu2ZnAknF3r4VA=.
    3. Click Configure and then click Done.
  8. In the Android tile, click Add URI workflow and add the following package names. Set CmEXJHMZd6jmCFu2ZnAknF3r4VA= as the Signature hash and then click Save.
    • com.fiberlink.maas360.android.secureviewer
    • com.fiberlink.maas360.android.pim
    • com.fiberlink.maas360.android.secureeditor
    • com.fiberlink.maas360.android.docs
  9. Click Add a platform and then select Mobile and desktop applications.
  10. In the Configure Desktop + devices window, enter maas360://com.fiberlink.maas360forios in Custom redirect URIs and then click Configure.
  11. In the Mobile and desktop applications tile, add the following redirect URIs and then click Save.
    • maas360se://com.fiberlink.secureeditor
    • maas360://com.fiberlink.maas360.enterpriseSE
    • maas360://msal/auth
    • maas360://adal/auth
  12. In the left navigation pane, select Manage and click Manifest. Verify that the following URLs are listed in the application manifest file:
    • msauth://code/msauth.com.fiberlink.maas360forios%3A%2F%2Fauth
    • msauth://code/msauth.com.fiberlink.secureeditor%3A%2F%2Fauth
  13. In the left navigation pane, select Manage and click API permissions.
  14. Click Add a permission and add the following permissions:
    API: Microsoft APIs > Azure Rights Management Services
    Type: Delegated permissions
    Permission: user_impersonation
    API: APIs my organization uses > Device Registration Service
    Type: Delegated permissions
    Permission: self_service_device_delete
    The following conditions apply to this permission:
    • Mandatory for synchronizing device compliance status for Android and iOS in Azure Integration.
    • Optional for enabling single sign-on (SSO) access for Office 365 modern authentication.
    API: Microsoft APIs > Microsoft Graph
    Type: Delegated permissions
    Permission:
    • Calendars.ReadWrite
    • Calendars.ReadWrite.Shared
    • Contacts.ReadWrite
    • Contacts.ReadWrite.Shared
    • EAS.AccessAsUser.All
    • EWS.AccessAsUser.All
    • Files.ReadWrite.All
    • Mail.ReadWrite
    • Mail.ReadWrite.Shared
    • Mail.Send
    • Mail.Send.Shared
    • Notes.ReadWrite.All
    • ShortNotes.ReadWrite
    • Sites.ReadWrite.All
    • Tasks.ReadWrite
    • Tasks.ReadWrite.Shared
    • User.Read
    API: Microsoft APIs > SharePoint
    Type: Delegated permissions
    Permission:
    • AllSites.FullControl
    • AllSites.Manage
    • MyFiles.Write
    • Sites.Search.All
  15. Click Grant admin consent for <tenant name> and then click Yes.
    Admin consent is granted for the requested permissions. The Status column displays a green checkmark next to each permission to indicate that consent is now granted.
  16. In the left navigation pane, click Overview and then copy the Application (client) ID to use as the Client ID in MaaS360®.

Results

Your app is successfully registered in the Azure AD tenant.
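
The manifest check in step 12 can be extended to every redirect URI named in this procedure. The following is an added example, not IBM or Microsoft code: it audits a manifest for missing URIs and for URIs this page does not name. It assumes the manifest lists redirect URIs under replyUrlsWithType and that the portal stores Android URIs as msauth://<package>/<percent-encoded signature hash>; the sample manifest is constructed.

```python
import base64
from urllib.parse import quote

# Values copied from the procedure on this page.
SIGNATURE_HASH = "CmEXJHMZd6jmCFu2ZnAknF3r4VA="
ANDROID_PACKAGES = [
    "com.fiberlink.maas360.android.control",
    "com.fiberlink.maas360.android.secureviewer",
    "com.fiberlink.maas360.android.pim",
    "com.fiberlink.maas360.android.secureeditor",
    "com.fiberlink.maas360.android.docs",
]
STATIC_URIS = [
    "https://login.live.com/oauth20_desktop.srf",
    "maas360://com.fiberlink.maas360forios",
    "maas360se://com.fiberlink.secureeditor",
    "maas360://com.fiberlink.maas360.enterpriseSE",
    "maas360://msal/auth",
    "maas360://adal/auth",
    "msauth://code/msauth.com.fiberlink.maas360forios%3A%2F%2Fauth",
    "msauth://code/msauth.com.fiberlink.secureeditor%3A%2F%2Fauth",
]

def android_redirect_uri(package, signature_hash):
    """Assumed portal form: msauth://<package>/<percent-encoded Base64 hash>."""
    digest = base64.b64decode(signature_hash, validate=True)
    if len(digest) != 20:  # a signature hash is a SHA-1 digest of the signing cert
        raise ValueError("signature hash does not decode to 20 bytes")
    return f"msauth://{package}/{quote(signature_hash, safe='')}"

def expected_uris():
    android = {android_redirect_uri(p, SIGNATURE_HASH) for p in ANDROID_PACKAGES}
    return set(STATIC_URIS) | android

def audit_manifest(manifest):
    """Return (missing, unlisted): URIs the page names but the manifest lacks,
    and URIs in the manifest that the page does not name (review these)."""
    present = {entry["url"] for entry in manifest.get("replyUrlsWithType", [])}
    return sorted(expected_uris() - present), sorted(present - expected_uris())

def sample_manifest():
    """Constructed manifest: one Android package missing, one unlisted URI added."""
    docs_uri = android_redirect_uri(ANDROID_PACKAGES[4], SIGNATURE_HASH)
    urls = sorted(expected_uris() - {docs_uri}) + ["https://app.example.invalid/callback"]
    return {"replyUrlsWithType": [{"url": u, "type": "InstalledClient"} for u in urls]}

if __name__ == "__main__":
    missing, unlisted = audit_manifest(sample_manifest())
    print("missing:", missing)
    print("unlisted:", unlisted)
```

Entries reported as unlisted are not necessarily wrong, because the portal can generate platform URIs of its own, but each one should be traced to a platform configuration you recognize.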