Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Apple’ Category

(2019-09-18) Evaluate And Update Any Azure AD Conditional Access Policy Targeting iPads

Posted by Jorge on 2019-09-18


Apple recently announced that it will release iPadOS (new OS for iPad) on September 30, 2019. We have discovered that this release introduces a change that could affect Microsoft Azure AD and Intune customers who use Conditional Access policies in their organization. This notice is intended to help you understand the breaking change from Apple and evaluate the impacts on your organization. This notice also provides recommendations from Microsoft.

Microsoft’s recommendations
  1. Evaluate whether you have browser-based Azure AD CA policies for iOS that govern access from iPad devices. If so, follow these steps:
    1. Create an equivalent macOS Azure AD browser access policy. We recommend that you use the ‘require a compliant device” policy. This policy enrolls your iPad and Mac devices into Microsoft Intune (or JAMF Pro if you have selected that as your macOS management tool) and ensures that browser apps have access only from compliant devices (most secure option). You will also need to create an Intune device compliance policy for macOS.
    2. In the event that you cannot “require a compliant device” for macOS and iPadOS for browser access, ensure that you are “requiring MFA” for such access.
  2. Determine whether a Terms of Use (consent per device)-based Azure AD Conditional Access policy is configured for iOS. If so, create an equivalent policy for macOS.

More information: Action Required: Evaluate and update Conditional Access policies in preparation for iPadOS launch

Cheers,
Jorge

————————————————————————————————————————————————————-
This posting is provided "AS IS" with no warranties and confers no rights!
Always evaluate/test everything yourself first before using/implementing this in production!
This is today’s opinion/technology, it might be different tomorrow and will definitely be different in 10 years!
DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
————————————————————————————————————————————————————-
########################### Jorge’s Quest For Knowledge ##########################
#################### http://JorgeQuestForKnowledge.wordpress.com/ ###################
————————————————————————————————————————————————————-

Posted in Apple, Conditional Access, iPad, Windows Azure Active Directory | Leave a Comment »