Registering MaaS360 app in the Azure AD tenant

Any application that wants to use the capabilities of Azure AD must be registered in an Azure AD tenant.

Before you begin

Make sure that you have at least one user in your Azure AD organization who is assigned the Global Administrator role. For more information about this role, see https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator.

About this task

Follow these steps to register your app in the Azure AD tenant:
Note: If you previously registered the MaaS360 app, make sure that you follow these steps to modify the app configuration.

Procedure

  1. Sign in to the Microsoft Azure portal.
  2. In the Azure Services section, select App registrations.
    The App registrations page is displayed.
  3. Click New registration.
    The Register an application page is displayed.
  4. Provide the following application registration details:
    1. In the Name section, provide the display name of the application.
    2. In the Supported account types section, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
    3. In the Redirect URI (optional) section, select Web and then provide the following redirect URI: https://login.live.com/oauth20_desktop.srf
    4. Click Register.
      The app is successfully created.
  5. Open the registered application and then click the Redirect URIs link to configure other URIs that are required by the application to support different authentication request modes.
    The Platform configurations page is displayed.
  6. Click Add a Platform and then select the iOS / macOS tile.
    The Configure your iOS or macOS app window is displayed.
    1. In the Bundle ID section, add the following Bundle ID: com.fiberlink.maas360forios
    2. Click Configure, and then click Done.
    3. Click Add URI in the iOS / macOS tile and then add the following Bundle ID: com.fiberlink.secureeditor
    4. Click Save.
  7. Click Add a Platform and then select Android.
    The Configure your Android app window is displayed.
    1. In the Package name section, enter com.fiberlink.maas360.android.control
    2. In the Signature hash section, enter CmEXJHMZd6jmCFu2ZnAknF3r4VA=
    3. Click Configure and then click Done.
  8. Use the Add URI workflow to add the following Signature hash and package names to the Android tile.
    Signature hash (use for each package name): CmEXJHMZd6jmCFu2ZnAknF3r4VA=
    Package names:
    • com.fiberlink.maas360.android.secureviewer
    • com.fiberlink.maas360.android.pim
    • com.fiberlink.maas360.android.secureeditor
    • com.fiberlink.maas360.android.docs
  9. Click Save.
  10. Click Add a platform and then select Mobile and desktop applications.
    The Configure Desktop + devices window is displayed.
  11. In Custom redirect URIs, enter maas360://com.fiberlink.maas360forios and then click Configure.
  12. In the Mobile and desktop applications tile, add the following redirect URIs and then click Save.
    • maas360se://com.fiberlink.secureeditor
    • maas360://com.fiberlink.maas360.enterpriseSE
    • maas360://msal/auth
    • maas360://adal/auth
  13. In the left navigation pane, click Manifest and verify that the following URLs are listed in the application manifest file:
    • msauth://code/msauth.com.fiberlink.maas360forios%3A%2F%2Fauth
    • msauth://code/msauth.com.fiberlink.secureeditor%3A%2F%2Fauth
  14. In the left navigation pane, click API permissions and add the following permissions:
    API: Microsoft APIs > Azure Rights Management Services (1)
      Type: Delegated
      Permissions:
      • user_impersonation
    API: APIs my organization uses > Device Registration Service (1)
      Type: Delegated
      Permissions:
      • self_service_device_delete
      Note: The following conditions apply to this permission:
      • Mandatory for synchronizing device compliance status for Android and iOS in Azure Integration
      • Optional for enabling single sign-on (SSO) access for Office 365 modern authentication
    API: Microsoft APIs > Microsoft Graph (17)
      Type: Delegated
      Permissions:
      • Calendars.ReadWrite
      • Calendars.ReadWrite.Shared
      • Contacts.ReadWrite
      • Contacts.ReadWrite.Shared
      • EAS.AccessAsUser.All
      • EWS.AccessAsUser.All
      • Files.ReadWrite.All
      • Mail.ReadWrite
      • Mail.ReadWrite.Shared
      • Mail.Send
      • Mail.Send.Shared
      • Notes.ReadWrite.All
      • ShortNotes.ReadWrite
      • Sites.ReadWrite.All
      • Tasks.ReadWrite
      • Tasks.ReadWrite.Shared
      • User.Read
    API: Microsoft APIs > SharePoint (4)
      Type: Delegated
      Permissions:
      • AllSites.FullControl
      • AllSites.Manage
      • MyFiles.Write
      • Sites.Search.All
  15. Click Grant admin consent for <tenant name>.
    Admin consent is granted for the requested permissions. The Status column shows a green check mark next to each permission to indicate that consent has been granted.
  16. In the left navigation pane, click Overview and then copy the Application (client) ID.
    Note: The Application (client) ID is used in MaaS360® as the Client ID.
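
The manifest check in step 13 can be extended to every redirect URI that this procedure configures. The following Python script is an added example, not part of the MaaS360 documentation: it builds the expected redirect URI list from the values on this page and reports URIs that are missing from, or unexpected in, an exported manifest. Assumptions: the manifest lists URIs under replyUrlsWithType, the iOS bundle IDs produce msauth.<bundle ID>://auth plus the msauth://code/ form shown in step 13, each Android package produces msauth://<package>/<URL-encoded signature hash>, and the signature hash in step 8 applies to every listed package.

```python
import json
from urllib.parse import quote

# Values copied from the procedure on this page.
IOS_BUNDLE_IDS = ["com.fiberlink.maas360forios", "com.fiberlink.secureeditor"]
ANDROID_SIGNATURE_HASH = "CmEXJHMZd6jmCFu2ZnAknF3r4VA="
ANDROID_PACKAGES = ["com.fiberlink.maas360.android." + suffix for suffix in
                    ("control", "secureviewer", "pim", "secureeditor", "docs")]
STATIC_URIS = [
    "https://login.live.com/oauth20_desktop.srf",
    "maas360://com.fiberlink.maas360forios",
    "maas360se://com.fiberlink.secureeditor",
    "maas360://com.fiberlink.maas360.enterpriseSE",
    "maas360://msal/auth",
    "maas360://adal/auth",
]


def expected_redirect_uris():
    """Build the allow-list of redirect URIs the procedure should produce."""
    uris = set(STATIC_URIS)
    for bundle in IOS_BUNDLE_IDS:
        direct = f"msauth.{bundle}://auth"  # assumed iOS/macOS platform format
        uris.add(direct)
        uris.add("msauth://code/" + quote(direct, safe=""))  # form listed in step 13
    for package in ANDROID_PACKAGES:
        # Assumed Android platform format: package name plus URL-encoded hash.
        uris.add(f"msauth://{package}/" + quote(ANDROID_SIGNATURE_HASH, safe=""))
    return uris


def audit_manifest(manifest_json):
    """Return (missing, unexpected) redirect URIs for an exported manifest."""
    manifest = json.loads(manifest_json)
    # Assumption: URIs are listed under "replyUrlsWithType" as {"url", "type"}.
    actual = {entry["url"] for entry in manifest.get("replyUrlsWithType", [])}
    expected = expected_redirect_uris()
    return sorted(expected - actual), sorted(actual - expected)


# Constructed sample: one expected URI absent, one URI the procedure never adds.
SAMPLE_MANIFEST = json.dumps({"replyUrlsWithType": [
    {"url": uri, "type": "InstalledClient"}
    for uri in sorted(expected_redirect_uris() - {"maas360://adal/auth"})
] + [{"url": "https://example.invalid/callback", "type": "Web"}]})

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Because the registration is multitenant and holds broad delegated permissions, any URI reported as unexpected should be traced to a documented change before it is left in place.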