Microsoft 365 Conditional Access Integration and Configure Compliance Partner Endpoint

About this task

This task describes how to set up the connection between Microsoft and SOTI MobiControl.

Method 1: Automatic Microsoft and SOTI MobiControl Setup (Microsoft 365 Conditional Access Integration)

Before you begin

For SOTI MobiControl 2024.1.0 and later, successfully completing this method's procedure automates the process of adding compliance partner manager into Microsoft Intune as described in Method 2.
Note: When upgrading SOTI MobiControl to version 2024.1.1 or later, you may need to consent to new permissions for the Azure SOTI device compliance application.

About this task

This procedure describes how to add conditional access credentials to your Microsoft 365 account.

Procedure

  1. Log in to SOTI MobiControl with an Administrator account and navigate to Global Settings > Services > Microsoft 365.
  2. In the Conditional Access section, select Add Credentials.
  3. Enter your name and Microsoft Entra tenant ID.
    Note: To locate your Tenant ID, open Home - Microsoft Entra and log in with an Administrator account. Navigate to Azure Active Directory > Overview. You can see your Tenant ID under Basic Information.
  4. Select Save. A Microsoft Sign In message appears.
  5. Select Continue, then enter your Microsoft account details and complete the consent process.
    Successfully Connected to MobiControl confirmation message
  6. Select the link to go back to SOTI MobiControl.
    Microsoft 365 Sync Account Screen
  7. Select SYNC. The Account Status changes to Active. SOTI MobiControl is automatically populated over the Microsoft Intune third party compliance partner management portal.
    M365 Conditional Access Active
    Attention: After a successful sync on Microsoft Intune (previously known as Microsoft Endpoint Manager), other third-party compliance partners are not be overwritten by SOTI MobiControl. If you want to enable SOTI MobiControl as the compliance partner you must first manually remove the existing third-party compliance partners from Microsoft Intune Admin center.
    For example, the following scenarios could occur:
    1. Assume at least one platform (for example, Android) is populated by a third party compliance partner other than SOTI MobiControl, and assume there are other empty platforms (for example, macOS and iOS). When you select SYNC, those other empty platforms will be populated by SOTI MobiControl but the Android platform will be left with the third party compliance partner.

    2. If all platforms are populated by third-party compliance partners, selecting SYNC will fail because SOTI MobiControl compliance partner is not added for any platform.

Method 2: Manual Microsoft Intune Compliance Partner Configuration (Configure Compliance Partner Endpoint)

Before you begin

If there are issues with the automatic setup as described in Method 1, you can try the following:

Procedure

  1. Open Microsoft Endpoint https://endpoint.microsoft.com/#home and log in with Administrator credentials.
  2. Navigate to Tenant administration > Connectors and tokens > Partner compliance management.
  3. Select Add compliance partner in Basics then SOTI MobiControl from the Compliance Partner dropdown list.
  4. Select Android from the Platform dropdown list then select Next.
  5. In Assignments, configure Included/Excluded groups your single sign-on users belong to.
  6. Select Next. Ensure all settings are correctly configured.
  7. Select Create to complete endpoint configuration.
    Note: The Partner status shows as Active after completing Microsoft 365 Conditional Access Integration.
  8. Reattempt/attempt SOTI MobiControl integration with Microsoft 365 Conditional Access using Method 1: Automatic Microsoft and SOTI MobiControl Setup (Microsoft 365 Conditional Access Integration)

What to do next

Next, add an Azure directory.