Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Edge for Business integrates with Clever to enable secure authentication from Entra-joined Windows devices. Through Classroom MFA policies, administrators can allow Clever to conditionally waive MFA prompts when users sign in from Edge browsers on school-issued devices. Access from personal or unmanaged devices continues to require full MFA authentication.
Prerequisites
See: Connectors Overview - Microsoft Edge
- Clever Admin Access: See Clever Roles: Overview of Roles & Permissions
- Microsoft Admin Access: Access to both Microsoft 365 and Microsoft Entra Admin Centers
- Microsoft Entra tenant ID
Configure Clever MFA Policy
See: For Clever Admins: Classroom MFA setup
Access MFA policy
- Log into Clever as a Clever Admin.
- Navigate to Authentication > Classroom MFA > MFA Policy.
- Create a new policy by selecting Add MFA policy or edit an existing MFA policy.
Configure MFA policy
- In the MFA wizard, continue with configuration until Step 3: MFA Settings.
- Select how often a user will be prompted to MFA while logging into Clever.
- Add more conditions to Every 7 days or Every 30 days by selecting Advanced settings. For Never, settings appear automatically.
Enable Device Trust
- Check Allow Device Trust using Microsoft Edge browser.
- Enter your Microsoft Entra Tenant ID in the provided field.
Copy URL and Save
- Copy the URL displayed. You’ll need this for Microsoft configuration.
- Continue with the remaining MFA policy steps.
Configure the Connector in the Edge Management Service
Navigate to the Microsoft Admin Center
Go to https://admin.microsoft.com/Adminportal/Home#/Edge/Connectors- Admins must set up a configuration policy to assign to any Connector configuration. Follow this guide to create a configuration policy.
- Once you have at least one configuration policy created, visit the Connectors page in the Edge Management Service to access the Connectors page in the Edge Management Service.
Discover the Connector
Under Discover Connectors, locate the Clever Device Trust Connector and select Set up.Select a Policy
In the Choose policy field, select a policy appropriate for your Connector configuration.Enter URL patterns
In the URL patterns to allow, one per line field, input the URL for your configuration.Provide Consent for the IDP Service Principal
In the Application (client) ID field, select Consent to grant Clever access to retrieve device signals.Save the Configuration
Verify Your Setup
Finally, you can verify the policy sync and test the authentication flow on both managed and unmanaged devices.
Confirm Policy Sync
- On a school-managed Windows device, have a test user sign into their managed Microsoft Edge profile:
- Open Edge and navigate to
edge://policy. - Select Reload Policies.
- Open Edge and navigate to
- Verification: You should see the policy appear in the list, containing a Clever URL.
- On a school-managed Windows device, have a test user sign into their managed Microsoft Edge profile:
Test Trusted Device Experience
- Using the Edge browser where the policy is active:
- Navigate to your school’s Clever login page.
- Sign in with a user account in the MFA policy.
- Expected result: Because the user is assigned the Edge policy and the device is Entra-joined, Clever recognizes the “safe zone”. The MFA prompt is conditionally waived, and the user proceeds to their portal.
- Using the Edge browser where the policy is active:
Test Untrusted Device Experience
- Have the same user sign into Clever from a personal device or a non-Edge browser.
- Expected result: The device trust check fails or is not applicable and the user is prompted for MFA as configured in the policy.