Let’s Get Conditional – Part 2: Using Conditional Access with Microsoft Azure, macOS and Addigy

Addigy | 01/13/2023

At the start of 2022, Microsoft Azure controlled over 22% of the cloud services market. That is a large share when you take into account that Amazon Web Services (AWS), Microsoft Azure, and Google Cloud together accounted for 62% of total cloud spend in the first quarter of 2022, with Azure growing faster than other cloud services.

The use of macOS devices in the enterprise is also increasing, with an average penetration rate of 23%, and growing in the United States, compared to 17% in 2019. Therefore, it is reasonable to expect that macOS enterprise users will encounter the need to use Azure-hosted applications and services. The new Microsoft Azure and Addigy integration makes it possible for IT teams to manage and enable macOS devices and share information about the devices’ compliance status with Azure. This allows for using Azure Active Directory Conditional Access login policies for apps and services.

The integration will receive real-time compliance calculations based on the Addigy Compliance Engine calculator for the macOS devices managed in Addigy that are registered to Azure AD. The Addigy Compliance Engine continually monitors devices to ensure they are safe to access the network and corporate resources. When devices fall out of compliance during an audit, Addigy will take the necessary actions, such as generating tickets, alerting admins, performing automated remediations on devices, and, if necessary, restricting access to corporate resources. Learn more about Addigy’s Compliance Engine in our recently published Knowledge Base article.

The compliance state is synchronized from Addigy to Azure whenever Addigy’s audit information about a device is updated. The device state is then sent to Azure, to the Azure ID associated with the macOS device that is registered in Azure AD with the end user as the device “Owner”. The compliance state of the macOS device is a “yes” or “no” flag based on the rich and customizable benchmarks of the Addigy Compliance Engine. This allows for more than just the standard macOS compliance calculations, such as device encryption enabled, passcode present, and Gatekeeper enabled.

Here’s a look at the device access workflow:

[Figure: Conditional Access Device Workflow]

Come back for part three of this series to learn more about Conditional Access Policy settings in Microsoft Azure as well as the end-user experience for registration and service sign-in.