Hi Bryan
Good questions!
When you want to enable SSO for Microsoft Office apps you have to do it on the Azure AD side.
What we can do with our own apps is enable Conditional Access so that our Mail client, and our Documents applications, can contact the Microsoft Azure AD platform and not need users to sign on every time they need to access content on the Office365 or Sharepoint Online platforms.
This requires pre set-up of the Azure AD and Office365 configurations as you would expect.
The interesting thing is that by doing this you are not 'locked in' to Microsoft technology meaning that if you acquired a company which had corporate Gmail, or needed to leverage integration to another Identity Provider, you can use IBM technology also, where InTune cannot do some of this.
Best
------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------
Original Message:
Sent: Mon November 28, 2022 07:11 PM
From: Bryan Allebone
Subject: Azure AD Integration Purpose
Curious, Stumbled several times on this configuration section: https://www.ibm.com/docs/en/maas360?topic=iaam-enabling-single-sign-access-office-365-modern-authentication
What purpose does this serve if NOT using MaaS350 Secure Email?
Does it provide a means to broker SSO to Azure AD on behalf of other MS apps like Word, Outlook, etc?
Does it improve the User Expereince in some way?
Does it supplement the Intune partnership, but not require it?
Cheers!
------------------------------
Bryan Allebone
IBM Champion (Security) - 2022
------------------------------