How to Integrate MDM Solution with Microsoft EMS Conditional Access in China

Grant 1 Reputation point
2022-04-28T11:25:24.84+00:00

We are the leading provider of MDM in China. We want to work with Microsoft to support EMS conditional access to ensure trusted users can access applications such as Office 365, especially to support cell phone models specific to the Chinese market.

Could anyone here tell me how to move forward on this? Thank you very much.


2 answers

  1. Lu Dai-MSFT 28,346 Reputation points
    2022-04-29T02:58:43.717+00:00

    @Grant Thanks for posting in our Q&A.

    For conditional access policy deployment, we can refer to the following article:
    https://learn.microsoft.com/en-us/mem/intune/protect/create-conditional-access-intune#create-the-conditional-access-policy

    For the scenario you want, I will clarify the settings in the conditional access policy. It is suggested to try to configure the following settings:

    1. Select "All users" in Users or workload identities.
    2. Add "Office 365" in Cloud apps or actions.
    3. Select the device platforms you want (for example: Android) in Conditions' Device platforms, and select both "Browser" and "Mobile apps and desktop clients" in Conditions' Client apps.
    4. Select which requirement the end users need to meet in Grant access (for example: Require device to be marked as compliant).
    5. Set "Enable policy" to "On".

    I will just describe an example. When a user signs in to an Office 365 app on a compliant Android device, access will succeed. However, when the Android device is not compliant, access will be blocked.

    Hope it will help.


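The five portal steps in the answer above map onto a single `conditionalAccessPolicy` object in Microsoft Graph. The following is an added example, not part of the original answer; it assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Identity.SignIns` module) is installed, and the display name is constructed.

```powershell
# Added example: the portal steps expressed as a Microsoft Graph
# conditionalAccessPolicy and created with the Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All'

$policy = @{
    # Constructed display name, not taken from the original post.
    displayName = 'Example - Office 365 on Android requires compliant device'

    # Step 5: "Enable policy" = On.
    # ('enabledForReportingButNotEnforced' is the report-only state.)
    state = 'enabled'

    conditions = @{
        # Step 1: Users or workload identities = All users.
        users          = @{ includeUsers = @('All') }
        # Step 2: Cloud apps or actions = Office 365.
        applications   = @{ includeApplications = @('Office365') }
        # Step 3: Device platforms = Android.
        platforms      = @{ includePlatforms = @('android') }
        # Step 3: Client apps = Browser + Mobile apps and desktop clients.
        clientAppTypes = @('browser', 'mobileAppsAndDesktopClients')
    }

    # Step 4: Grant access, require device to be marked as compliant.
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm what was actually stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'Platforms';  e = { $_.Conditions.Platforms.IncludePlatforms -join ',' } },
        @{ n = 'ClientApps'; e = { $_.Conditions.ClientAppTypes -join ',' } },
        @{ n = 'Grant';      e = { $_.GrantControls.BuiltInControls -join ',' } }
```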


  2. Lu Dai-MSFT 28,346 Reputation points
    2022-04-29T04:38:17.173+00:00

    @Grant Thanks for your clarification. I misunderstood your requirement before. Currently, the supported device compliance partners are the following, as you said:
    BlackBerry UEM
    Citrix Workspace device compliance
    IBM MaaS360
    JAMF Pro
    MobileIron Device Compliance Cloud
    MobileIron Device Compliance On-prem
    SOTI MobiControl
    VMware Workspace ONE UEM (formerly AirWatch)
    https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-partners#supported-device-compliance-partners

    Honestly, I am only familiar with the use of Intune features. How to become a device compliance partner is out of my scope. Given the limited resources of Q&A, it is suggested to create an online support ticket to find out if there is any method. Here is the support link:
    https://learn.microsoft.com/en-us/mem/get-support

    Thanks for your understanding.
