Configure Azure Active Directory conditional access

You must be using Microsoft 365 E5 licenses. For more information, visit support.blackberry.com to read KB91041 and KB50341. For more information about licensing, see the details from Microsoft.
- In the Microsoft Endpoint Manager admin center, under Tenant Administration > Connectors and Tokens > Partner Compliance Management, add BlackBerry UEM as a compliance partner for iOS and Android devices and assign it to users and groups. If you support both iOS and Android devices, you need to add BlackBerry UEM as a compliance partner for each platform. For more information, see the Microsoft documentation.
- In the BlackBerry UEM management console, click Settings > External integration > Azure Active Directory Conditional Access.
- Select Enable conditional access.
- In the Azure cloud drop-down list, select Global.
- Type your Azure tenant ID. You can enter either the tenant name, which is in FQDN format, or the unique tenant ID, which is in GUID format.
- Click Save.
- Select the administrator account that you want to use to log in to your Azure tenant. The administrator account must have a role that can grant permissions to the app to access resources in your organization, such as global administrator, cloud application administrator, or application administrator.
- Accept the Microsoft permission request.
- In the BlackBerry UEM management console, edit each BlackBerry Dynamics connectivity profile and perform the following actions:
  - Under App services, click Add.
  - Select Feature-Azure Conditional Access from the app list.
  - Click the add icon to add a new app server.
  - If you are using BlackBerry UEM in an on-premises environment, specify the following server settings:
    - Server: gdas-<SRP_ID>.<region_code>.bbsecure.com
    - Port: 443
    - Route: Direct
    If you have BlackBerry UEM Cloud and BEMS Cloud in your environment and you configured Email notifications or BEMS-Docs to create a BEMS tenant, the BEMS Cloud URL, port number, and priority are added automatically to the App server payload section.
- In the BlackBerry Dynamics profile, ensure that the Enable UEM Client to enroll in BlackBerry Dynamics setting is selected.
- The Microsoft Authenticator app must be installed on users' devices. You can assign the app in UEM or instruct users to install it from their app store.
- After Active Directory conditional access is configured, users activating devices are prompted to register with Active Directory conditional access during activation. Users with already activated devices are prompted to register with Active Directory conditional access the next time they open the UEM Client.