IBM MaaS360

 View Only

 Entra ID Device Compliance

Graham Stevenson's profile image
Graham Stevenson posted Thu March 20, 2025 04:45 AM

We've always used the Entra ID integration for our user accounts but have recently setup the device compliance element as well. We're still testing it but cannot seem to get it to work correctly.

The admin side of things appears to be configured correctly and on our test device we have gone through the process of opening the MaaS360 app and configuring the Microsoft Authenticator app under Corporate Settings which is showing as enabled. The device is showing in Entra ID and is showing as compliant. We have configured a conditional access policy and applied it only to our test user which mandates device compliance. 

When I open up the browser on the phone and attempt to login to a resource such as portal.office.com, after entering the sign in details I am still prompted to register my device with my organisation to continue, if I click continue I am taken to a Maas360 invalid enrolment request screen and we are pretty much stuck at this point.

Has anyone come across this and come up with a solution?

Eamonn O'Mahony's profile image
Eamonn O'Mahony

Hi Graham

One thing that comes to mind is ensuring: 

  • That Entra ID groups have been synched
  • That the users being tested are a member of the groups
  • That the policies in Azure/Entra ID have been applied to the groups on that side

Failing that you can follow the series of blogs that my colleeague Margaret Radford did and which followed the integration end-to-end. 

https://community.ibm.com/community/user/security/blogs/margaret-radford/2024/07/25/maas360-ask-me-anything-about-azure-integration-wi