Registering devices for Microsoft Entra Conditional Access
Device users can register their devices with Microsoft Entra ID for Conditional Access, by using the Microsoft Authenticator broker app.
After registration, the MaaS360® Portal sends the device compliance status that is returned by the devices to Microsoft Entra ID. Conditional Access then determines whether to grant or deny access to Microsoft-approved cloud apps.
Android
- Open the MaaS360 for Android app and go to
and tap Configure Microsoft
Authenticator.
The Play Store page for the Microsoft Authenticator app is displayed.
- Install the Microsoft Authenticator app.
- After installation, tap the Configure Microsoft Authenticator option in Corporate Settings again to initiate the device registration. The Register your device screen is displayed.
- Click Continue.
The Microsoft Sign-in page is displayed.
- Provide valid user credentials and follow the on-screen instructions to complete the
registration.
A device record is created in the Microsoft Entra Portal. If the registration fails, contact your corporate administrator.
- (Optional) After registering the device to Microsoft Entra
ID for Conditional
access, tap the Recheck Status button in the Configure
Authenticator screen to check the latest device registration status. Note: If the authentication details are missing or the device is removed from the Microsoft Entra Portal, users are redirected to the authentication screen to complete the device registration again.
iOS
- Open the MaaS360 for iOS app and go to
and tap Configure Microsoft
Authenticator.
If the Microsoft Authenticator app is unavailable, users must download and install the app by tapping Download and Install.
- Tap Register.
- Provide valid user credentials and follow the on-screen instructions to complete the
registration.
A device record is created in the Microsoft Entra Portal. If the registration fails, contact your corporate administrator.
Windows
You can register a Windows computer for Conditional Access by joining your Entra Active Directory. During Microsoft Entra ID registration, you must enroll your device in MaaS360 Portal.
Prerequisites
Setup the Windows OOBE in the IBM® MaaS360 Portal and in Microsoft Azure. For more information, see Setting up Windows Enrollment in the IBM MaaS360 Portal and Microsoft Entra.
You can register the Windows device by using the Out-Of-Box- Experience or Manually. Follow these steps to register your device to Microsoft Entra.
- Administrators can automatically enroll a device in the Microsoft Entra ID. To enroll a Windows device that uses Windows OOBE to register with Microsoft Azure, you must setup the Windows device from factory reset state. For more information, see Setting up a Windows device from a factory reset state.
- On your Windows PC, go to , and click Connect. Select Join this device to Entra Active Directory and enter your Microsoft Entra email address.
- Enter your password, and click Sign in.
- On the IBM MaaS360 Accept Terms page, accept the terms, and then click Continue.
- On the IBM MaaS360 Install Apps page, click
Continue to accept app installation on the device.
The Make sure this is your organization page is displayed, click Join to accept MDM policies on the device.
The You're all set screen is displayed.
- On the You're all set page, click Done.
You completed the steps for enrolling a device that uses Windows OOBE to register with Microsoft Azure.
How it works
Conditional Access verifies the device's enrollment status, Microsoft Entra ID registration, and compliance with corporate policies before granting access to Microsoft-approved cloud services or applications. If the device fails to meet the organization's policy criteria, MaaS360 blocks access to Microsoft services and applications.