You are right, i am going to read it and understand the process of implementation. Thank you for your time.
Original Message:
Sent: Fri June 21, 2024 04:13 AM
From: Eamonn O'Mahony
Subject: Allow Only Devices With Mass360 to Access OutLook
Hi Osvaldo
It's important at this stage that you read some documentation and take training, this won't be achieved by us exchanging emails.
Please have a look at the training and documentation below. The major steps to take are: install and configure Cloud Extender, set up Cloud Extender settings to use AutoQuarantine for Office365, create a device group rule to recognise the Outlook identifier, and use a device group-based compliance rule to block the devices if not enrolled.
Configuration of Exchange module on Cloud Extender
https://www.ibm.com/docs/en/maas360?topic=modules-exchange-module
This pre-supposes you have set up a Cloud Extender server, we have done some training on this at the following link if you need:
https://community.ibm.com/community/user/security/blogs/ciaran-darcy/2020/07/30/technical-intro-series
Cloud Extender settings: set up AutoQuarantine
https://www.ibm.com/docs/en/maas360?topic=module-cloud-extender-settings-in-maas360-portal
Setting up compliance rules
https://www.ibm.com/docs/en/maas360?topic=security-applying-compliance-rules-devices
For Outlook clients you could create a device group based on the record names in MaaS360 (mail account configurations will appear as separate devices) and then you can achieve the configuration through a group-based compliance rule:
https://www.ibm.com/docs/en/maas360?topic=devices-creating-compliance-rule
Best regards
------------------------------
Eamonn O'Mahony
Client Success Manager
IBM Security
Dublin
Original Message:
Sent: Thu June 20, 2024 09:52 AM
From: Osvaldo Luemba
Subject: Allow Only Devices With Mass360 to Access OutLook
User are using Outlook for emails, i did really thought on using Azure AD but it will make it more complicated and we don't want users to access emails from their personal phones that has no Maas360.
As we have we use Cloud extender onprime and OnPrime AD, what would be the best practice to achieve this goal ?
------------------------------
Osvaldo Luemba
Original Message:
Sent: Thu June 20, 2024 09:43 AM
From: Eamonn O'Mahony
Subject: Allow Only Devices With Mass360 to Access OutLook
Hi Osvaldo
This makes things easier. You could connect the Azure AD directory to MaaS360 also but this would make user synch and updates more complicated. I'm assuming you are using AD Connect or ADFS to perform the 'bridge to cloud' from your OnPrem AD. If this is the case:
- Cloud Extender can be used with the OnPrem AD
- Cloud Extender can also be used with the Office365 instance to perform AutoQuarantine and use the block mechanism that you were seeking to do to block unenrolled devices
In addition to this which mail client are you using for users to consult professional email on mobile devices? Sorry for delaying this with more questions but I just need to understand this point and can then make a final recommendation.
Best
------------------------------
Eamonn O'Mahony
Client Success Manager
IBM Security
Dublin
Original Message:
Sent: Thu June 20, 2024 07:33 AM
From: Osvaldo Luemba
Subject: Allow Only Devices With Mass360 to Access OutLook
Hi Eamonn,
Sorry being late on this, Just Onprime AD is connected to Maas360. Thank you for asking, i really appreciate it.
------------------------------
Osvaldo Luemba
Original Message:
Sent: Fri June 14, 2024 05:28 AM
From: Eamonn O'Mahony
Subject: Allow Only Devices With Mass360 to Access OutLook
Hi Osvaldo
Are both your OnPrem AD and Azure AD connected to MaaS360 at present? Am sorry but need to understand this so I can make the best recommendation.
Thanks
------------------------------
Eamonn O'Mahony
Client Success Manager
IBM Security
Dublin
Original Message:
Sent: Thu June 13, 2024 11:43 AM
From: Osvaldo Luemba
Subject: Allow Only Devices With Mass360 to Access OutLook
Additional Information:
We have an on-premises Active Directory (AD) that syncs with Azure AD. Additionally, a Cloud Extender is installed on our on-premises server.
------------------------------
Osvaldo Luemba
Original Message:
Sent: Thu June 13, 2024 11:28 AM
From: Eamonn O'Mahony
Subject: Allow Only Devices With Mass360 to Access OutLook
Hi Osvaldo
This can be achieved through one of 2 ways using IBM technology. It depends on the mail platform you are using.
- As Mitch has mentioned you have Cloud Extender which will work with OnPremise Exchange and Office365 (but not both) to control user account access using AutoQuarantine. Documentation: https://www.ibm.com/docs/sr/maas360?topic=modules-exchange-module
- Alternatively if you have Office365 and want to use Conditional Access that can also be supported but through a different configuration type. Please see our colleague Margaret Radford's blog on the IBM Tech Xchange Community: https://community.ibm.com/community/user/security/blogs/margaret-radford/2021/06/28/migrating-to-office-365-exchange-online-with-ibm-s
Please note that both of these strategies require consideration as to the use case:
- For example if you integrate with Microsoft AD OnPremise and you have OnPremise Exchange, then option 1 with Cloud Extender is best
- But if you have Microsoft Azure AD (only, not OnPremise AD) and Office365, the 2nd option with Conditional Access is best
If you want to give more information about your environment I can make a recommendation for you.
------------------------------
Eamonn O'Mahony
Client Success Manager
IBM Security
Dublin
Original Message:
Sent: Wed June 12, 2024 09:10 AM
From: Osvaldo Luemba
Subject: Allow Only Devices With Mass360 to Access OutLook
Hi Team,
I woud like to know how can i achieve the goal of allowing only device with Maas360 App to access company outlook, I have users access company data on personal devie and we have company phones with Maas360.
Any help ?
------------------------------
Osvaldo Luemba
------------------------------