End User ExperienceĪs in every aspect of IT the end user experience is what matters most.
These could include Microsoft Teams and Outlook. You should deploy this from the Workspace One as well as Applications you want to test Conditional Access with. In order to be able to transport Compliance Data from Device to Azure AD Microsoft Authenticator App is needed on the device. Step 8: Deploy Microsoft Authenticator App to Devices Step 7: Complete the setup wizard to configure Compliance data integrationĬonfigure the remaining options and run Sync with Azure Services and then save the Enterprise Integration Directory Services configuration. Meaning that you dont want to require Compliant device for the actual enrollment because the device cannot be compliant before it is enrolled. The same way you would exclude Intune from Conditional Access Policy in order to prevent “chicken – egg” effect. Step 6: Exclude “Workspace ONE Conditional Access” Application from applicable Conditional Access Policies.
Configuration changes for Application are not needed. Check that the Application is Enabled for Users to Sign In. Go to Enterprise Applications and Add new called “Workspace ONE Conditional Access”. Step 5: Configure Workspace One Conditional Access Application in Azure ADįor Conditional Access and the Compliance data integration to work you will need to add an Enterprise Application to Azure AD.
#Vmware workspace one android#
Step 4: Proceed the setup wizard to configure Compliance data integrationĮnter Tenant name and Immutable ID Mapping Attribute that you can check from Azure AD Connect settings if you dont know what it is.Įnable the user of Compliance Data in Azure Conditional Access Policies and select whether you want to use it for Windows and/or iOS and Android Go to Azure Active Directory -> Mobility (MDM and MAM) and Add “Airwatch by VMware” Application to the list where you already probably have Microsoft IntuneĬonfigure AirWatch Application by entering the URLs that you got from the Azure AD Integration Setup Wizard. Step 3: Configure the Azure AD Airwatch ApplicationĪt this stage what we configure is actually the Mobility (MDM and MAM) Application in Azure AD rather than Enterprise Application. The wizard will then instruct to add Airwatch Application to Azure AD Tenant and provide you with the URLs you configure in the Application You will need to provide Azure AD Directory ID for this.Īlso Enable Azure AD For Identity Services. I recommend assigning to test user group first.įrom Workspace One Management Portal menu select settings and go to Enterprise Integration -> Directory Services and enable Azure AD Integration from “Advanced” section. Also Assign the Compliance Partner configuration to a group of users you want to enable this feature for. In this example the Partner we choose is “VMware Workspace ONE mobile compliance”.
#Vmware workspace one for android#
In this example we add Compliance Partners for Android and iOS. Go to Tenant Administration -> Partner Compliance Management and add Compliance Partners for the necessary platforms. Step 1: Configure Compliance Partner in Intune The order of the configurations is somewhat meaningful so I will not categorize configurations by platform, but rather go through the configuration process as it happens In our example configuration we have the Cloud Connector for AD in place and Enterprise Integration configured using LDAP Directory Type. The important thing here is that the user identity cannot be stand alone in Workspace One in order for this to work.
Obviously the recommendation is to use Intune for Mobile Device Management, but there might be scenarios where that is not possible for whatever reasons. A while back Microsoft introduced the ability to use Third party Mobile Device Management compliance data for Intune and Azure AD device compliance and therefore Azure AD Conditional Access.
0 kommentar(er)
