Configure Azure Active Directory conditional access

You must be using Microsoft 365 E5 licenses. For more information, visit support.blackberry.com to read KB91041 and KB50341. For more information about licensing, see the details from Microsoft.
  1. In the Microsoft Endpoint Manager admin center, under Tenant Administration > Connectors and Tokens > Partner Compliance Management, add BlackBerry UEM as a compliance partner for iOS and Android devices and assign it to users and groups.
    If you support both iOS and Android devices, you need to add BlackBerry UEM as a compliance partner for each platform. For more information, see the Microsoft documentation.
  2. In the BlackBerry UEM management console, click Settings > External integration > Azure Active Directory Conditional Access.
  3. Select Enable conditional access.
  4. In the Azure cloud drop-down list, select Global.
  5. Type your Azure tenant ID.
    You can enter either the tenant name, which is in FQDN format, or the unique tenant ID, which is in GUID format.
  6. Click Save.
  7. Select the administrator account that you want to use to log in to your Azure tenant.
    The administrator account must be able to grant permissions to the app to access resources in your organization, such as a global administrator, cloud application administrator, or application administrator.
  8. Accept the Microsoft permission request.
  9. In the BlackBerry UEM management console, edit each BlackBerry Dynamics connectivity profile and perform the following actions:
    1. Under App services, click Add.
    2. Select Feature-Azure Conditional Access from the app list.
    3. Click to add a new app server.
    4. If you are using BlackBerry UEM in an on-premises environment, specify the following server settings:

      Item     Description
      Server   gdas-<SRP_ID>.<region_code>.bbsecure.com
      Port     443
      Route    Direct

      If you have BlackBerry UEM Cloud and BEMS Cloud in your environment and you configured Email notifications or BEMS-Docs to create a BEMS tenant, the BEMS Cloud URL, port number, and priority are added automatically to the App server payload section.
  10. Assign the Feature-Azure Conditional Access app to users or groups.
  11. In the BlackBerry Dynamics profile, ensure that the Enable UEM Client to enroll in BlackBerry Dynamics setting is selected.
  • The Microsoft Authenticator app must be installed on users' devices. You can assign the app in UEM or instruct users to install it from their app store.
  • After Active Directory conditional access is configured, users activating devices are prompted to register with Active Directory conditional access during activation. Users with activated devices are prompted to register with Active Directory conditional access the next time they open the UEM Client.
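
A pre-flight check for the values entered in steps 5 and 9, as an added example that is not part of the BlackBerry documentation: it classifies a tenant identifier as GUID or FQDN, builds the app server hostname from the pattern shown in step 9, and can test a certificate-validated TLS connection to port 443. The function names and the sample values are constructed placeholders.

```python
import re
import socket
import ssl
import uuid

# Hostname pattern from step 9; the SRP ID and region code are tenant-specific.
APP_SERVER_TEMPLATE = "gdas-{srp_id}.{region_code}.bbsecure.com"
APP_SERVER_PORT = 443
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def classify_tenant_id(value):
    """Return 'guid' or 'fqdn' for a step-5 tenant identifier, else raise ValueError."""
    value = value.strip()
    try:
        # Accept only the canonical 8-4-4-4-12 form, not braces or bare hex.
        if str(uuid.UUID(value)) == value.lower():
            return "guid"
    except ValueError:
        pass
    labels = value.split(".")
    if (len(value) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):
        return "fqdn"
    raise ValueError(f"not a GUID or FQDN: {value!r}")


def app_server_host(srp_id, region_code):
    """Build the app server hostname for the connectivity profile."""
    host = APP_SERVER_TEMPLATE.format(srp_id=srp_id.strip(),
                                      region_code=region_code.strip())
    if not all(_LABEL.match(label) for label in host.split(".")):
        raise ValueError(f"invalid hostname: {host!r}")
    return host.lower()


def check_direct_tls(host, port=APP_SERVER_PORT, timeout=5.0):
    """Connect without a proxy and return the negotiated TLS version."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # Constructed sample values; replace with your tenant, SRP ID and region code.
    print(classify_tenant_id("example.onmicrosoft.com"))
    print(app_server_host("S00000000", "xx"))
```

Call check_direct_tls() with your real hostname; an ssl.SSLCertVerificationError from it usually points to a TLS-inspecting device on the path.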