Registering devices for Microsoft Entra Conditional Access

Device users can register their devices with Microsoft Entra ID for Conditional Access by using the Microsoft Authenticator broker app.

After registration, the MaaS360® Portal sends the device compliance status that is returned by the devices to Microsoft Entra ID. Conditional Access then determines whether to grant or deny access to Microsoft-approved cloud apps.

Android

Follow these steps to register your Android devices in Microsoft Entra ID.
  1. Open the MaaS360 for Android app and go to Settings > Corporate Settings and tap Configure Microsoft Authenticator.

    The Play Store page for the Microsoft Authenticator app is displayed.

  2. Install the Microsoft Authenticator app.
  3. After installation, tap the Configure Microsoft Authenticator option in Corporate Settings again to initiate the device registration. The Register your device screen is displayed.
  4. Click Continue.

    The Microsoft Sign-in page is displayed.

  5. Provide valid user credentials and follow the on-screen instructions to complete the registration.

    A device record is created in the Microsoft Entra Portal. If the registration fails, contact your corporate administrator.

  6. (Optional) After registering the device to Microsoft Entra ID for Conditional Access, tap the Recheck Status button in the Configure Authenticator screen to check the latest device registration status.
    Note: If the authentication details are missing or the device is removed from the Microsoft Entra Portal, users are redirected to the authentication screen to complete the device registration again.

iOS

Follow these steps to register your iOS devices in Microsoft Entra ID:
  1. Open the MaaS360 for iOS app and go to Settings > General Settings and tap Configure Microsoft Authenticator.

    If the Microsoft Authenticator app is unavailable, users must download and install the app by tapping Download and Install.

  2. Tap Register.
  3. Provide valid user credentials and follow the on-screen instructions to complete the registration.

    A device record is created in the Microsoft Entra Portal. If the registration fails, contact your corporate administrator.

Windows

You can register a Windows computer for Conditional Access by joining your Entra Active Directory. During Microsoft Entra ID registration, you must enroll your device in the MaaS360 Portal.

Prerequisites

Set up the Windows OOBE in the IBM® MaaS360 Portal and in Microsoft Azure. For more information, see Setting up Windows Enrollment in the IBM MaaS360 Portal and Microsoft Entra.

You can register the Windows device by using the Out-Of-Box Experience or manually. Follow these steps to register your device to Microsoft Entra.

Using Windows Out-Of-Box Experience
  1. Administrators can automatically enroll a device in Microsoft Entra ID. To enroll a Windows device that uses Windows OOBE to register with Microsoft Azure, you must set up the Windows device from a factory reset state. For more information, see Setting up a Windows device from a factory reset state.

Using the Join Entra Active Directory
  1. On your Windows PC, go to Start > Settings > Accounts > Access work or school, and click Connect. Select Join this device to Entra Active Directory and enter your Microsoft Entra email address.
  2. Enter your password, and click Sign in.
  3. On the IBM MaaS360 Accept Terms page, accept the terms, and then click Continue.
  4. On the IBM MaaS360 Install Apps page, click Continue to accept app installation on the device.

    The Make sure this is your organization page is displayed. Click Join to accept MDM policies on the device.

    The You're all set screen is displayed.

  5. On the You're all set page, click Done.

    You completed the steps for enrolling a device that uses Windows OOBE to register with Microsoft Azure.

How it works

Conditional Access verifies the device's enrollment status, Microsoft Entra ID registration, and compliance with corporate policies before granting access to Microsoft-approved cloud services or applications. If the device fails to meet the organization's policy criteria, MaaS360 blocks access to Microsoft services and applications.
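
The following is an added example, not code from IBM or Microsoft documentation. It shows how an administrator could audit the device records that registration creates, checking each record against the three conditions described above. It assumes the records were exported from the Microsoft Graph devices endpoint; the sample response is constructed, and mapping MaaS360 enrollment to the Graph isManaged property is an assumption.

```python
import json

# Constructed sample shaped like a Microsoft Graph "GET /v1.0/devices" response body.
# Device names and property values are made up for this example.
SAMPLE_RESPONSE = """
{"value": [
  {"displayName": "android-01", "operatingSystem": "Android", "trustType": "Workplace",
   "isManaged": true, "isCompliant": true},
  {"displayName": "iphone-02", "operatingSystem": "iOS", "trustType": "Workplace",
   "isManaged": true, "isCompliant": false},
  {"displayName": "win-03", "operatingSystem": "Windows", "trustType": "AzureAd",
   "isManaged": false, "isCompliant": null},
  {"displayName": "win-04", "operatingSystem": "Windows", "trustType": null,
   "isManaged": true, "isCompliant": true}
]}
"""

# trustType values on a Graph device record:
# Workplace (registered), AzureAd (joined), ServerAd (hybrid joined).
REGISTERED_TRUST_TYPES = {"Workplace", "AzureAd", "ServerAd"}


def failed_checks(device):
    """Return which of the three checks a device record does not satisfy."""
    failed = []
    if device.get("trustType") not in REGISTERED_TRUST_TYPES:
        failed.append("registration")
    # Assumption: an MDM-enrolled device is reported with isManaged = true.
    if device.get("isManaged") is not True:
        failed.append("enrollment")
    # isCompliant can be null when no status has been reported yet;
    # treat anything other than an explicit true as not compliant.
    if device.get("isCompliant") is not True:
        failed.append("compliance")
    return failed


def audit(response_text):
    """Map each device name to the list of checks it fails (empty list = passes)."""
    devices = json.loads(response_text)["value"]
    return {d["displayName"]: failed_checks(d) for d in devices}


if __name__ == "__main__":
    for name, failed in audit(SAMPLE_RESPONSE).items():
        status = "meets all checks" if not failed else "fails " + ", ".join(failed)
        print(f"{name}: {status}")
```

Devices listed with a failed check are the ones whose users should repeat the registration steps above or be referred to the corporate administrator.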