Configuring Conditional Access Policies

Guidance on how to configure Endpoint Conditional access to work with Space Connect

Microsoft Endpoint Conditional Access can be configured if you're using Desks and Rooms.

 

Both 'Desk's Only' and 'Legacy' permission sets can be configured with Microsoft Endpoint Conditional Access. The following Elements of the policy must be configured for both permission sets.

1

Desk Only - Conditional Access Policies

- In this configuration, you must 'Exclude' the following SpaceConnect Applications under “Cloud apps or actions”.

  • Space Connect

  • Space Connect Desks
  • SpaceConnectNative

5-1

Space Connect Desks only mode can have any of the options listed below switched on, either singularly or in multiples. Refer to Microsoft's Endpoint documentation for a full explanation and additional configuration steps if necessary.

D2

 


Desks + Rooms 'Legacy' - Conditional Access Policies

Space Connect's Legacy permissions have a service dependency on Microsoft's Graph API. This means that it does not use the normal authentication flow and cannot be included or excluded in the conditional access policies.

Space Connect has been tested to work with any or all the following options additionally switched on alongside “Require approved client app”.

  • Require multifactor authentication
  • Require device to be marked as compliant (A limitation of compliant devices is that edge must be used. This relates to Microsoft endpoint functionality and is outside of Space Connect control.)
  • Require password change

The setting of “For multiple controls” must be set to “require one of the selected controls” for this to be successful.
If you have compliant devices, Microsoft requires Edge to be the default browser. This allows for the device ID to be successfully passed through Microsoft to Space Connect. (If the device ID is not passed, it cannot determine if the device is compliant or not.)

4

In this configuration, there is no need to exclude the SpaceConnect Applications under Cloud apps or actions”.

2

Setting Microsoft Edge as the Default browser for Compliant Mobile devices

Go to the App Store and download the Microsoft Edge browser app.

Once you open the app, you should be prompted to make the browser your default.

Browser defaults-1

To do it manually without getting the automatic prompt then do the following:

iOS:

1. Open Settings

2. Scroll to 'Edge' and click it.

3. Click on the Default Browser App option and change it to 'Edge'.

Android:

1. Open Settings > Apps > Default App.

2. Select Microsoft Edge as a browser app.

 

If you need any assistance configuring these policies, please reach out to our Support Team.