We hope you enjoyed our recent Ask Me Anything on MaaS360 Integration with Azure. In this blog, we've summarized the key points and added some frequently asked questions (FAQs) to help you better understand the features and improvements.
You can find the July 17, 2024 replay and presentation here. MaaS360 Ask Me Anything about Azure Integration
Key Takeaways:
1. User Authentication:
- MaaS360 supports user authentication for enrolled devices, shared devices, forgotten PINs, end-user portal log in, secure docs and apps.
- The default user authentication method is MaaS360's directory, which can be manually populated with local users and groups.
- To add Azure as your user authentication, you can set up user authentication by adding the authentication type, Azure AD, in the Setup Settings Directory and Authentication within the portal or within Setup, Azure Integration in the portal
- Features and functionality remain the same in the upcoming release, but the UI has changed.
2. User Visibility (Renamed to Directory Sync in upcoming release) :
- Imports users and groups from your company's directory source into MaaS360
- Significant improvements for integration with the Azure directory source
- SCIM integration with improved sync times
- Guided migration workflows for customers who are migrating from using on prem Active Directory with Cloud Extender to the Azure cloud integration with MaaS360.
- Group based sync improvements, no limits on the number of groups
3. Conditional access and device compliance:
- MaaS360 can sync device compliance status with Azure, allowing you to manage device compliance centrally in Maas360.
- Conditional access and device compliance sync with Azure is supported for Android, iOS and Windows devices
- Feature and functionality remain the same in the upcoming release, but the UI has changed.
FAQs:
Q: Our environment is hybrid, consisting of both on-premises Active Directory (AD) and Azure AD. We currently have MaaS360 synced with our on-premises AD, but it is not connected to Azure AD. How can I ensure that only iOS devices with MaaS360 installed can access our Office apps, especially Outlook ?
A: I would recommend using Conditional Access policies in Azure to set up the office apps to only be used when MDM enrolled. You would then need to set up MaaS360 Azure Integration and use the Compliance Sync. This will let MaaS360 pass the enrollment status to your Azure portal. So as long as the device is enrolled, it would have access to the office apps.
Q: Can you have Cloud Extender and Active Directory authentication alongside Azure AD as a backup?
A: For Authentication, if all of your user records have Azure AD as the Authentication Type, you could go to Setup> Settings> Basic Enrollment Settings> Authentication Mode for Enrollment and select Active Directory as the Override. Note that this is only for enrollment. And it's important, that you only have Cloud Extender set up for User Authentication and not User Visibility (Directory Sync).
Q:We currently do not have any integration in place, but we do have a Azure tenant on the cloud doing AD Authentication for our O365 resources. If I do want to integrate with Azure AD, would the existing devices that are not tied to a domain account lose access or is the device going to disconnect from Maas360?
A: Devices would not lose access. They will remain enrolled
Q: Can you use other authenticators other then MS Authenticator for the Azure Conditional Access device registration?
A: No, you have to use MS Authenticator for the registration step. You can add it to the MaaS360 App Catalog and distribute to devices.
Q: How does user authentication work in MaaS360?
A: MaaS360 supports user authentication for enrolled devices, shared devices, forgotten PINs, end-user portal login, and secure apps and docs. The default user authentication method is MaaS360's directory, which can be manually populated with local users and groups. For Azure integration, you can set up user authentication by adding the authentication type, Azure AD, in the Setup Settings Directory and Authentication within the portal.
Q: Can I manage Conditional Access and device compliance status for Windows devices with MaaS360 and Azure integration?
A: Yes, the Windows is currently in Beta and will be released shortly. Android and iOS devices are already supported. If you want to use Windows compliance sync prior to GA, please contact IBM Technical Support to join the beta.
Q: When I import a user that does not have a license assigned in Azure, the user is imported to Maas360 without a username. Can i add that username manually?
A: You should be able to import non-license users into MaaS360 from Azure. You can add local users and change the Auth Type to Azure.
Q: What should I do if I have questions or issues after implementing the new features?
A: If you have break/fix issues, please contact IBM Technical Support by selecting the headset icon in the upper right of your portal. Or if you are working with support providing partner, reach out your partner directly. If you have how to questions or need technical guidance, you can reach out to the MaaS360 Customer Success team at the provided email address for assistance
csmaas@us.ibm.com.
We appreciate your continued support and look forward to helping you make the most of these new features. Don't forget to check out the
recording and documentation for more information!
Best Regards,
IBM MaaS360 Customer Success Team