We’ve developed a new integration that allows Kandji customers to use their Kandji device data in Microsoft conditional access policies. That means admins can now control access to organization resources based on whether or not Kandji is managing the devices.
Many enterprise IT teams use Microsoft Entra Admin Center to manage single sign-on access to such resources. In a zero-trust security environment, IT teams need to ensure that employees are granted access only from devices that meet specific security standards. The Entra Admin Center lets them define and enforce conditional access policies to do just that.
Such policies can take into account the device’s compliance status. With Kandji’s new integration, admins can now use data from their Kandji instances in those conditional access policies.
So, if, say, a user wants to sign in to Microsoft 365, an admin could create a policy that says the user’s device must first not only be managed by an MDM solution but also have checked in with that solution within the last 30 days. If the device matches those criteria (and any others the admin has defined), access would be granted. Kandji can now provide the necessary data.
Kandji can also provide other device details to the Entra Admin Center, including:
- Device name;
- Device owner;
- Device type (iOS/iPadOS only);
- Entra ID object ID for the user;
- Entra ID user name;
- OS type; and
- OS version.
This integration will help organizations apply zero-trust security principles in their Microsoft-centric infrastructure.
About Kandji
Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.
Integrations
About Apple Device Management
Matt Wilson
