Skype for Business Online Intune Conditional Access Integration - Shawn Harry
414
wp-singular,post-template-default,single,single-post,postid-414,single-format-standard,wp-theme-bridge,bridge-core-1.0.7,ajax_fade,page_not_loaded,,qode_grid_1300,qode-content-sidebar-responsive,qode-theme-ver-18.2.1,qode-theme-bridge,disabled_footer_bottom,qode_header_in_grid,wpb-js-composer js-comp-ver-8.4.1,vc_responsive

10 Oct Skype for Business Online Intune Conditional Access Integration

Posted at 21:17h in Skype for Business by

Skype for Business Online Intune Conditional Access Integration

Intune provides the following integration for SfB Online (O365):-
• MDM
• MAM using app policies and conditional access
• ADAL authentication

Enable CA in SfB Online Policy in Intune. CA is not supported for Windows Phone. App policy support is only available for the iOS & Android client at present.

1

2

3

ADAL (FBA) integration can be enabled by enabling “Require corporate credentials for access”. The recommended setting is “no” (disabled). When disabled NTLM authentication is used instead.

4

5

On application launch the above disclaimer is displayed prior to launching the SfB splash window.
PIN access is enabled in the MAM policy. Timeout for testing purposes is set to 1 minute. So when the device is not used for 1 minute the PIN is required to unlock the application.

Summary

Significant security enhancements:-

• PIN access
• PIN timeout/lockout
• Supports ADAL using corporate credentials (No NTLM)
• Application encryption set via MAM policy
• MAM app policy management
• MDM (Only company enrolled devices can access SfB Online)
• Copy and paste to other apps can be restricted
• Screen capture can be prevented
• Jail broken or rooted devices can be blocked

 

No Comments

Post A Comment