Office 365 Mobile device management authentication

%3CLINGO-SUB%20id%3D%22lingo-sub-1536516%22%20slang%3D%22en-US%22%3EOffice%20365%20Mobile%20device%20management%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1536516%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Efollowing%20scenario%3A%3C%2FP%3E%3CP%3EUser%20have%20Office%20365%20E1%20and%20Azure%20AD%20P1%20license.%3C%2FP%3E%3CP%3EWe%20have%20configured%20Office%20365%20%22MDM%22%2C%20not%20the%20Intune%20MDM%2C%20only%20O365%20MDM.%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20want%2C%20that%20only%20trusted%20mobile%20devices%20(iOS%20and%20Android)%20can%20access%20O365%20data.%3C%2FP%3E%3CP%3EFor%20trusted%20devices%2C%20which%20are%20comliant%2C%20the%20user%20should%20not%20be%20asked%20for%20credentials%20every%20XX%20days.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20configure%20this%20without%20MS%20Intune%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAt%20the%20moment%20user%20is%20asked%20every%2014%20days%20for%20credentials.%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20use%20Azure%20AD%20Conditional%20Access%20with%20O365%20MDM%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMarc%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1536516%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1537896%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20Mobile%20device%20management%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1537896%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20article%20should%20answer%20most%20of%20your%20questions.%3CBR%20%2F%3EA%20few%20things%20are%20being%20changes%20in%20the%20future%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fupcoming-exchange-online-device-access-and-conditional-access%2Fba-p%2F1464261%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fupcoming-exchange-online-device-access-and-conditional-access%2Fba-p%2F1464261%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1539090%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20Mobile%20device%20management%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1539090%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F186539%22%20target%3D%22_blank%22%3E%40Thijs%20Lecomte%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%20for%20your%20reply.%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20question%20for%20me%20is%3A%3C%2FP%3E%3CP%3EIs%20it%20possible%20and%20supported%20to%20use%20Conditional%20Access%20also%20for%20%22built%20in%20mobile%20device%20management%22%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei%20have%20found%20this%20link%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fblog%2F2015%2F07%2F21%2Fexplore-the-built-in-mobile-device-management-mdm-feature-for-office-365%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fblog%2F2015%2F07%2F21%2Fexplore-the-built-in-mobile-device-management-mdm-feature-for-office-365%2F%3C%2FA%3E%3C%2FP%3E%3CP%3Eand%20this%20part%20on%20the%20website%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Anmerkung%202020-07-22%20201153.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F207209i882469201B34C561%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Anmerkung%202020-07-22%20201153.jpg%22%20alt%3D%22Anmerkung%202020-07-22%20201153.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%2C%20correct%20me%20if%20i%20am%20wrong%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBuilt%20in%20MDM%20will%20also%20check%20device%20comliance%20against%20Azure%20AD%20Conditional%20Access%20and%20we%20can%20protect%20our%20mobile%20devices%20and%20the%20access.%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20not%20an%20%22Intune%20only%22%20feature.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1547728%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20Mobile%20device%20management%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1547728%22%20slang%3D%22en-US%22%3ENo%2C%20O365%20might%20check%20Conditional%20Access%20(which%20happens%20everytime%20you%20authenicate%20to%20O365)%3B%20but%20it%20won't%20check%20the%20device%20compliance%20in%20O365%20MDM%20as%20compliance%20is%20an%20Intune%20feature%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello,

 

following scenario:

User have Office 365 E1 and Azure AD P1 license.

We have configured Office 365 "MDM", not the Intune MDM, only O365 MDM. 

We want, that only trusted mobile devices (iOS and Android) can access O365 data.

For trusted devices, which are comliant, the user should not be asked for credentials every XX days.

 

Is it possible configure this without MS Intune?

 

At the moment user is asked every 14 days for credentials. 

Can we use Azure AD Conditional Access with O365 MDM? 

 

Regards

 

Marc

3 Replies
Highlighted
Hi

This article should answer most of your questions.
A few things are being changes in the future: https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-exchange-online-device-access-and...
Highlighted

@Thijs Lecomte 

 

Hello, 

 

thanks for your reply. 

The question for me is:

Is it possible and supported to use Conditional Access also for "built in mobile device management" 

 

i have found this link:

 

https://www.microsoft.com/en-us/microsoft-365/blog/2015/07/21/explore-the-built-in-mobile-device-man...

and this part on the website

 

Anmerkung 2020-07-22 201153.jpg

 

So, correct me if i am wrong:

 

Built in MDM will also check device comliance against Azure AD Conditional Access and we can protect our mobile devices and the access. 

It is not an "Intune only" feature.

 

Regards

Highlighted
No, O365 might check Conditional Access (which happens everytime you authenicate to O365); but it won't check the device compliance in O365 MDM as compliance is an Intune feature