| |

Next-Gen Conditional Access For Your Apple Devices

Perhaps your device users need administrative privileges for installing software or for other actions they need to perform regularly on their device. With this level of access, they could disable FileVault, Gatekeeper, or perhaps enable Remote Management which is not allowed in your environment. The Addigy Compliance Engine would detect this situation and block access to critical resources in your environment until the situation is resolved. 

Device Compliance and Conditional Access are vitally important. You need to know that the equipment accessing your networks and corporate information is secure, and that the person using that machine is the authorized user. 

Addigy is proud to announce the Addigy Compliance Engine to provide you with Conditional Access for your Apple devices!

A great device compliance solution is built with multiple layers of protection, adding complexity for possible attack vectors, but avoids making day-to-day device use difficult. Addigy’s Compliance Engine is built with multiple layers in support of the most robust Conditional Access solution in the Apple device management space. And it still provides a seamless zero-touch device deployment with Addigy Identity. 

To this end, the Addigy Compliance Engine asks: 

  1. Is this device and user trusted? 
  2. Is this device configured in a safe and secure way?
  3. Add Apple’s Automated Device Enrollment and Addigy Identity 
Conditional Access Workflow
Conditional Access Workflow

Is this device and user trusted? 

Addigy pairs up with Microsoft Defender for Cloud Apps and Azure Conditional Access to check if the device is recognized. The Microsoft Conditional Access approach relies on a combination of a trusted certificate being shared between Azure and the devices along with the device user successfully logging into O365. Our Knowledge Base article explains how to set up Microsoft Conditional Access with Addigy. 

Is the device configured in a safe and secure way? 

Before a device and its user can access your network and corporate data, you want to know if that device meets all of your security requirements. Addigy’s Compliance Engine allows you to choose from NIST macOS Security Compliance, Center for Internet Security (CIS) guidelines for securing macOS, or any combination of settings that are appropriate for your environment and automatially applies the relevant policies to your devices to ensure they meet all of those requirements. 

The Addigy Compliance Engine continually monitors your devices with the benchmarks and rules you’ve configured. When a device falls out of compliance, Addigy will take the necessary actions based on what you’ve configured. You’re able to generate tickets, alert admins, perform automated remediations, and if necessary, restrict access to corporate resources. 

The Addigy Compliance Engine does not require Microsoft Azure. 

Add Apple’s Automated Device Enrollment and Addigy Identity 

When a device user receives their new machine and powers it up for the first time, you know the device will be safe and secure. The user will login via your trusted IDP so you know they are who they say they are. Because the device was enrolled via Apple’s Automated Device Enrollment, you can trust the device as well.

This, paired with Addigy’s Compliance Engine, will ensure that all security and compliance requirements are set the moment the user logs in to their device for the first time. The Compliance Engine will install the necessary certificates and check that all compliance rules are met before giving the user access to any corporate data.

Want to start using Addigy Compliance Engine to drive Conditional Access? Reach out to our support team via email today at [email protected]

Interested in learning more about Conditional Access and our latest features?
Watch our on-demand webinars:

Similar Posts