Configuring Azure Active Directory conditional access Skip Navigation

Configuring
Azure
Active Directory
conditional access

If you have configured
Azure AD
conditional access for your organization, you can configure a
BlackBerry UEM
tenant as a compliance partner so that
iOS
and
Android
devices managed by
UEM
can connect to your cloud-based apps such as
Office 365
. You can configure more than one 
UEM
tenant for each
Azure
tenant. However, all
UEM
tenants will share the same Partner compliance management entry.
Microsoft Azure
will not be able to differentiate which
UEM
tenant a compliance status update originates from.
Azure AD
conditional access support is currently limited in the following situation:
  • BlackBerry Work
    does not support the
    Azure AD
    conditional access compliance feature. For more information, visit support.blackberry.com/community to read article 89668.
To use this feature, users must meet the following requirements:
  • Users must exist in
    Azure AD
    ,
  • If you are synchronizing your on-premises
    Active Directory
    to
    Azure AD
    , users’ on-premises
    Active Directory
    UPN must match their
    Azure AD
    UPN. If these values do not match in your environment, please visit support.blackberry.com/community to read article 88208.
  • Users must be added to
    UEM
    though synchronization with
    Active Directory
    .
  • Users must have both the
    Microsoft
    Authenticator app and the
    BlackBerry UEM Client
    installed.
If you configure
Azure AD
conditional access,
UEM
notifies
Azure AD
when a device is out of compliance and conditions are enforced in the following circumstances:
  • If the "Enforcement action for device" setting is set to something other than "Monitor and log,"
    UEM
    notifies
    Azure AD
    after all user prompts have expired.
  • If the "Enforcement action for
    BlackBerry Dynamics
    apps" setting is set to something other than "Monitor and log,"
    UEM
    notifies
    Azure AD
    as soon as the compliance violation is detected.
For more information on Compliance profiles, see the
UEM
Administration content
.
For more information on
Azure AD
conditional access, see the Microsoft documentation.