Shawn Harry | Skype for Business Online Intune Conditional Access Integration
414
single,single-post,postid-414,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,qode_popup_menu_push_text_top,qode-content-sidebar-responsive,qode-theme-ver-10.0,wpb-js-composer js-comp-ver-4.12.1,vc_responsive

Skype for Business Online Intune Conditional Access Integration

Skype for Business Online Intune Conditional Access Integration

Intune provides the following integration for SfB Online (O365):-
• MDM
• MAM using app policies and conditional access
• ADAL authentication

Enable CA in SfB Online Policy in Intune. CA is not supported for Windows Phone. App policy support is only available for the iOS & Android client at present.

1

2

3

ADAL (FBA) integration can be enabled by enabling “Require corporate credentials for access”. The recommended setting is “no” (disabled). When disabled NTLM authentication is used instead.

4

5

On application launch the above disclaimer is displayed prior to launching the SfB splash window.
PIN access is enabled in the MAM policy. Timeout for testing purposes is set to 1 minute. So when the device is not used for 1 minute the PIN is required to unlock the application.

Summary

Significant security enhancements:-

• PIN access
• PIN timeout/lockout
• Supports ADAL using corporate credentials (No NTLM)
• Application encryption set via MAM policy
• MAM app policy management
• MDM (Only company enrolled devices can access SfB Online)
• Copy and paste to other apps can be restricted
• Screen capture can be prevented
• Jail broken or rooted devices can be blocked