Azure Active Directory device status update

Content

The 10.69 platform release provides a new feature called Azure AD Device Status Updates. With this feature, device compliance status within MaaS360 is synchronized with the Azure Device Directory for Windows 10 MDM-enrolled desktops or tablets that use the Windows Out of Box Experience (OOBE) enrollment mode.

Administrators must provide permissions for the MaaS360 app called Azure Device Data Update that is published to the Azure Gallery to synchronize compliance updates to Azure AD using the compliance status. The compliance status reporting provides conditional access to Azure resources.

Note: By default, this feature is disabled. You must contact IBM Support to enable this property for your account.

How this feature works

If this customer property is enabled, the following actions occur:

• An extra option is displayed for Azure integration that allows a user to provide permissions to the MaaS360 Azure Device Data Update app that is published to the Azure Gallery using OAUTH. Tenant credentials are saved in MaaS360.
• If device compliance status changes in the MaaS360 Portal due to any condition (compliance rule changes, device group evaluations, static alignment of rules), the updated compliance status is written to Azure AD.
• Compliance status is updated regularly when a device is compliant or not. The compliance status reporting provides conditional access to Azure resources.

Enabling this feature

1. From the MaaS360 Portal Home page, select Setup > Azure Integration, and then enable the Device Status Update check box.
2. Type the Azure AD Tenant ID and then click Configure.  

The Azure Portal is displayed. 

Sign in to the Global Administrator account.The Permissions screen is displayed.

Click Accept. A successful registration message is displayed. 

The status of the Azure AD configuration is displayed in the MaaS360 Portal.