This guide applies to macOS, iOS, and iPadOS devices
About Microsoft Device Compliance
Iru Endpoint’s Microsoft Device Compliance (MSDC) integration combines Iru Endpoint’s device management and compliance features with Microsoft’s conditional access capabilities, ensuring only managed and compliant devices can access corporate resources.
How It Works
Iru Endpoint’s Microsoft Device Compliance (MSDC) integration combines Iru Endpoint’s device management and compliance features with Microsoft’s conditional access capabilities. Built through Microsoft’s device compliance partner program, this integration simplifies the setup and configuration process between Iru Endpoint and Microsoft and streamlines the deployment of required applications through the Iru Endpoint Library. Once the integration is configured and devices are registered with Microsoft, Iru Endpoint’s device inventory and compliance data can be used in Microsoft Conditional Access policies. This ensures that only managed and compliant devices can access corporate resources. Iru Endpoint’s MSDC integration supports macOS, iOS, and iPadOS devices.
Prerequisites
All Devices
- Devices must be managed by Iru Endpoint
- A Microsoft user directory integration must be set up in your Iru Endpoint tenant
- A user from the configured directory integration must be assigned to the device record
- Device users must be assigned an Enterprise Mobility + Security license, which includes Microsoft Entra ID Premium and Microsoft Intune
- A Microsoft user account that can accept requested app permissions
- Iru Endpoint must be configured as a device compliance partner in Intune
Configuration Overview
Below are the basic steps required to set up and deploy Microsoft Device Compliance with Iru Endpoint.
1. Configure Iru Endpoint as Device Compliance Partner
2. Set Up MSDC Integration
3. Deploy Applications
Deploy Applications for end user device registration.
- macOS
  - Configure the Microsoft Company Portal Auto App Library Item
- iOS and iPadOS
  - The Kandji Self Service app must be deployed using Apps and Books
  - The Microsoft Authenticator app from the Apple App Store must be assigned to Iru Endpoint via Apps and Books in Apple Business Manager or Apple School Manager
  - Configure the Microsoft Authenticator Apps and Books Library Item
4. Deploy Single Sign-on Profiles
- macOS
  - If you use Platform SSO with Microsoft Entra ID, please make sure this is deployed first, and have the user register with Platform SSO before registering with Microsoft Device Compliance.
  - If you do not utilize Platform SSO with Microsoft Entra ID, deploy Microsoft Single Sign-on Extension macOS settings in the Single Sign-On Extension Library Item.
    - Inside the Library Item, set the Installs On field to only include Mac.
- iOS & iPadOS
  - Deploy Microsoft Single Sign-on Extension iOS and iPadOS settings in the Single Sign-On Extension Library Item.
  - Inside the Library Item, set the Installs On field to only include iOS and iPadOS.
The Microsoft Single Sign-on Extension only needs to be deployed if it is not already deployed in your environment for the device platforms you have configured.