IBM Security MaaS360


Allow Only Devices With MaaS360 to Access Outlook

  • 1.  Allow Only Devices With MaaS360 to Access Outlook

    Posted 20 days ago

    Hi Team,

    I would like to know how I can achieve the goal of allowing only devices with the MaaS360 app to access company Outlook. I have users accessing company data on personal devices, and we have company phones with MaaS360.
    Any help?



    ------------------------------
    Osvaldo Luemba
    ------------------------------


  • 2.  RE: Allow Only Devices With MaaS360 to Access Outlook

    IBM Champion
    Posted 19 days ago

    You will need to deploy the Cloud Extender.

     

    Thanks,

     

    Mitch Lauer

    Sr. Management Consultant

    connecTel  Wireless              

    216-970-6981 | Cell-US           416-801-3127 | Cell-Canada  

    412-339-5775 | Help Desk      412-339-5765 | Direct Dial

     






  • 3.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 19 days ago

    Hi Mitch,
    I really appreciate you taking the time to reply to my question. Yes, we have Cloud Extender already. Is there any documentation that I can follow, or someone who can help achieve this goal?



    ------------------------------
    Osvaldo Luemba
    ------------------------------



  • 4.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 19 days ago

    Hi Osvaldo

    This can be achieved through one of 2 ways using IBM technology. It depends on the mail platform you are using. 

    1. As Mitch has mentioned you have Cloud Extender which will work with OnPremise Exchange and Office365 (but not both) to control user account access using AutoQuarantine. Documentation: https://www.ibm.com/docs/sr/maas360?topic=modules-exchange-module
    2. Alternatively if you have Office365 and want to use Conditional Access that can also be supported but through a different configuration type. Please see our colleague Margaret Radford's blog on the IBM Tech Xchange Community: https://community.ibm.com/community/user/security/blogs/margaret-radford/2021/06/28/migrating-to-office-365-exchange-online-with-ibm-s

    Please note that both of these strategies require consideration as to the use case: 

    • For example if you integrate with Microsoft AD OnPremise and you have OnPremise Exchange, then option 1 with Cloud Extender is best
    • But if you have Microsoft Azure AD (only, not OnPremise AD) and Office365, the 2nd option with Conditional Access is best

    If you want to give more information about your environment I can make a recommendation for you. 



    ------------------------------
    Eamonn O'Mahony
    Client Success Manager
    IBM Security
    Dublin
    ------------------------------



  • 5.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 19 days ago

    Hi Eamonn,
    I really do appreciate it, thanks in advance for this.

    We have Office 365 and would like to do it with Conditional Access as you mentioned, and all our users are iPhone users and Windows users.



    ------------------------------
    Osvaldo Luemba
    ------------------------------



  • 6.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 19 days ago

    Additional Information:

    We have an on-premises Active Directory (AD) that syncs with Azure AD. Additionally, a Cloud Extender is installed on our on-premises server.



    ------------------------------
    Osvaldo Luemba
    ------------------------------



  • 7.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 18 days ago

    Hi Osvaldo

    Are both your OnPrem AD and Azure AD connected to MaaS360 at present? I am sorry, but I need to understand this so I can make the best recommendation.

    Thanks



    ------------------------------
    Eamonn O'Mahony
    Client Success Manager
    IBM Security
    Dublin
    ------------------------------



  • 8.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 12 days ago

    Hi Eamonn,
    Sorry for being late on this. Just the OnPrem AD is connected to MaaS360. Thank you for asking, I really appreciate it.



    ------------------------------
    Osvaldo Luemba
    ------------------------------



  • 9.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 12 days ago

    Hi Osvaldo

    This makes things easier. You could connect the Azure AD directory to MaaS360 also but this would make user synch and updates more complicated. I'm assuming you are using AD Connect or ADFS to perform the 'bridge to cloud' from your OnPrem AD. If this is the case: 

    • Cloud Extender can be used with the OnPrem AD
    • Cloud Extender can also be used with the Office365 instance to perform AutoQuarantine and use the block mechanism that you were seeking to do to block unenrolled devices

    In addition to this, which mail client are you using for users to consult professional email on mobile devices? Sorry for delaying this with more questions, but I just need to understand this point and can then make a final recommendation.

    Best



    ------------------------------
    Eamonn O'Mahony
    Client Success Manager
    IBM Security
    Dublin
    ------------------------------



  • 10.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 12 days ago

    Users are using Outlook for emails. I really did think about using Azure AD, but it will make it more complicated, and we don't want users to access emails from their personal phones that have no MaaS360.

    As we use Cloud Extender on-prem and OnPrem AD, what would be the best practice to achieve this goal?



    ------------------------------
    Osvaldo Luemba
    ------------------------------



  • 11.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 11 days ago

    Hi Osvaldo

    It's important at this stage that you read some documentation and take training, this won't be achieved by us exchanging emails. 

    Please have a look at the training and documentation below. The major steps to take are: install and configure Cloud Extender, set up Cloud Extender settings to use AutoQuarantine for Office365, create a device group rule to recognise the Outlook identifier, and use a device group-based compliance rule to block the devices if not enrolled.  

    Configuration of Exchange module on Cloud Extender

    https://www.ibm.com/docs/en/maas360?topic=modules-exchange-module

    This pre-supposes you have set up a Cloud Extender server, we have done some training on this at the following link if you need: 

    https://community.ibm.com/community/user/security/blogs/ciaran-darcy/2020/07/30/technical-intro-series

    Cloud Extender settings: set up AutoQuarantine

    https://www.ibm.com/docs/en/maas360?topic=module-cloud-extender-settings-in-maas360-portal

    Setting up compliance rules

    https://www.ibm.com/docs/en/maas360?topic=security-applying-compliance-rules-devices

    For Outlook clients you could create a device group based on the record names in MaaS360 (mail account configurations will appear as separate devices) and then you can achieve the configuration through a group-based compliance rule: 

    https://www.ibm.com/docs/en/maas360?topic=devices-creating-compliance-rule

    Best regards



    ------------------------------
    Eamonn O'Mahony
    Client Success Manager
    IBM Security
    Dublin
    ------------------------------



  • 12.  RE: Allow Only Devices With MaaS360 to Access Outlook

    Posted 11 days ago

    You are right, I am going to read it and understand the process of implementation. Thank you for your time.



    ------------------------------
    Osvaldo Luemba
    ------------------------------