Registering MaaS360 app in the Azure AD tenant

Any application that wants to use the capabilities of Azure AD must be registered in an Azure AD tenant.

Before you begin

Make sure that you have at least one user in your Azure AD organization who is assigned the Global Administrator role. For more information about this role, see https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator.

About this task

Follow these steps to register your app in the Azure AD tenant:
Note: If you previously registered the MaaS360 app, make sure that you follow these steps to modify the app configuration.

Procedure

  1. Sign in to the Microsoft Azure portal.
  2. In the left navigation pane, click Azure Active Directory > App registrations > New registration.
    The Register an application page is displayed.
  3. Provide the following application registration details:
    App registration in Azure AD
    1. In the Name section, provide the display name of the application.
    2. In the Supported account types section, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
    3. In the Redirect URI (optional) section, select Web and then provide the following redirect URI: https://login.live.com/oauth20_desktop.srf
    4. Click Register.
      The app is successfully registered.
  4. Open the registered application and then click the Redirect URIs link to configure other URIs that are required by the application to support different authentication request modes.
    Redirect URIs link
    The Platform configurations page is displayed.
  5. Click Add a Platform and then select the iOS / macOS tile.
    Configure iOS and macOS
    The Configure your iOS or macOS app page is displayed.
    1. In the Bundle ID section, add the following Bundle ID: com.fiberlink.maas360forios
      Register the MaaS360 app
    2. Click Configure, and then click Done.
    3. Click Add URI in the iOS / macOS tile and then add the following Bundle ID: com.fiberlink.secureeditor
      iOS Bundle IDs
    4. Click Save.
  6. Click Add a Platform and then select Android.
    The Configure your Android app page is displayed.
    Android app registration
    1. In the Package name section, enter com.fiberlink.maas360.android.control
    2. In the Signature hash section, enter CmEXJHMZd6jmCFu2ZnAknF3r4VA=
    3. Click Configure.
  7. Use the Add URI workflow to add the following Signature hash and package names to the Android tile.
    Package names Signature hash
    com.fiberlink.maas360.android.secureviewer CmEXJHMZd6jmCFu2ZnAknF3r4VA=
    com.fiberlink.maas360.android.pim
    com.fiberlink.maas360.android.secureeditor
    com.fiberlink.maas360.android.docs
    Android URIs
  8. In the Mobile and desktop applications tile, add the following redirect URIs and then click Save.
    • maas360://com.fiberlink.maas360forios
    • maas360se://com.fiberlink.secureeditor
    • maas360://com.fiberlink.maas360.enterpriseSE
    • maas360://msal/auth
    Mobile and desktop application redirect URIs
  9. In the left navigation pane, click Manifest and verify that the following URLs are listed in the application manifest file:
    • msauth://code/msauth.com.fiberlink.maas360forios%3A%2F%2Fauth
    • msauth://code/msauth.com.fiberlink.secureeditor%3A%2F%2Fauth
    Application manifest file
  10. In the left navigation pane, click API permissions and add the following permissions:
    API Permission Type
    Microsoft APIs > Azure Rights Management Services (1) user_impersonation Delegated
    APIs my organization uses > Device Registration Service (1)
    Note: The following conditions apply to this permission:
    • Mandatory for synchronizing device compliance status for Android and iOS in Azure Integration
    • Optional for enabling single sign-on (SSO) access for Office 365 modern authentication
    		 self_service_device_delete Delegated
    Microsoft APIs > Microsoft Graph (17)
    • Calendars.ReadWrite
    • Calendars.ReadWrite.Shared
    • Contacts.ReadWrite
    • Contacts.ReadWrite.Shared
    • EAS.AccessAsUser.All
    • EWS.AccessAsUser.All
    • Files.ReadWrite.All
    • Mail.ReadWrite
    • Mail.ReadWrite.Shared
    • Mail.Send
    • Mail.Send.Shared
    • Notes.ReadWrite.All
    • ShortNotes.ReadWrite
    • Sites.ReadWrite.All
    • Tasks.ReadWrite
    • Tasks.ReadWrite.Shared
    • User.Read
    		 Delegated
    Microsoft APIs > SharePoint (4)
    • AllSites.FullControl
    • AllSites.Manage
    • MyFiles.Write
    • Sites.Search.All
    		 Delegated
    Note: For more information about API permissions, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent.
  11. Click Grant admin consent for <tenant name>.
    Azure grant admin consent
    Admin consent is granted for requested permissions. The Status column reflects that consent has been Granted for <tenant name>.
  12. In the left navigation pane, click Overview and then copy the Application (client) ID.
    Client ID
    Note: The Application ID that is used in MaaS360® is also the Client ID.