Microsoft Conditional Access

What is Microsoft Conditional Access (MSCA)

Microsoft Conditional Access is Microsoft’s Zero Trust policy engine that enforces access controls based on device and user signals. In this documentation, we refer to it as MSCA. If your Relution users are synced via Microsoft Entra ID, you can additionally enable Conditional Access to enforce compliance-based restrictions. When a Relution-managed device changes its compliance status (e.g., from compliant to non-compliant), this information is automatically synced with Microsoft. Depending on your Conditional Access policies, it is possible to restrict access to specific applications when a device is marked as non-compliant.
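
The Conditional Access policy itself is defined in Entra ID, not in Relution. The following added example (not part of the Relution documentation) creates one through the Microsoft Graph PowerShell SDK that requires a device marked as compliant for a single application; both GUIDs are placeholders, and the report-only state and the excluded emergency account are choices made for this example.

```powershell
# Added example, not Relution's own code: an Entra ID Conditional Access policy
# that grants access to one application only from devices marked as compliant.
# Assumption: both GUIDs are placeholders and must be replaced with real object IDs.
#Requires -Modules Microsoft.Graph.Identity.SignIns

$AppId        = '00000000-0000-0000-0000-000000000001'  # placeholder: application to protect
$BreakGlassId = '00000000-0000-0000-0000-000000000002'  # placeholder: emergency access account

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName   = 'Require compliant device (MDM-reported compliance)'
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    # Switch to 'enabled' after reviewing the results in the sign-in logs.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{
            includeUsers = @('All')
            # Keep one account outside the policy so a sync or policy
            # mistake cannot lock every administrator out.
            excludeUsers = @($BreakGlassId)
        }
        applications   = @{
            includeApplications = @($AppId)
        }
        # The platforms listed as supported on this page.
        platforms      = @{
            includePlatforms = @('android', 'iOS', 'macOS', 'windows')
        }
    }
    grantControls = @{
        operator        = 'OR'
        # Access is granted only if Entra ID sees the device as compliant.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Sign-ins from platforms that are not listed in `includePlatforms` are not evaluated by this policy, so they need a separate policy if they should be restricted as well.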

Supported Platforms

  • Android Enterprise
  • iOS
  • macOS
  • Windows
    • Devices must be Entra ID joined or enrolled via Autopilot.

Preconditions

To use Microsoft Conditional Access with Relution, the following requirements must be met:

  • Microsoft Entra ID P1 licenses. See more here.
  • Entra ID configured with user sync active; see Linking Entra ID and Relution.
  • A broker app for authentication must be available on the device:
    • Android Enterprise & iOS - Microsoft Authenticator - is installed automatically when MSCA is activated
    • macOS - Company Portal App - has to be installed on the device. Can be downloaded here.

Limitations

  • Conditional Access currently cannot be configured per global organization in Relution.
  • Microsoft Conditional Access can only be activated for all devices of a tenant, filtered by platform.