Microsoft 365 Conditional Access Integration and Configure Compliance Partner Endpoint

About this task

Set up a connection between Microsoft and SOTI MobiControl.

Method One: Automatic Microsoft and SOTI MobiControl Setup (Microsoft 365 Conditional Access Integration)

Before you begin

For SOTI MobiControl 2024.1.0 and later, successfully completing this procedure automates adding a compliance partner manager into Microsoft Intune as described in Method Two.
Note: When upgrading SOTI MobiControl to version 2024.1.1 or later, you may need to consent to new permissions for the Azure SOTI device compliance application.

About this task

This method describes adding conditional access credentials to your Microsoft 365 account.

Procedure

  1. Log in to SOTI MobiControl with an Administrator account and navigate to Global Settings > Services > Microsoft 365.
  2. In the Conditional Access section, select Add Credentials.
  3. Enter your name and Microsoft Entra tenant ID.
    Tip: To locate your Tenant ID, open Home > Microsoft Entra and log in with an Administrator account. Navigate to Microsoft Entra ID > Overview. You can see your Tenant ID under Basic Information.
  4. Select Save. A Microsoft Sign In message appears.
  5. Select Continue, then enter your Microsoft account details and complete the consent process.
    Successfully Connected to SOTI MobiControl confirmation message
  6. Select the link to go back to SOTI MobiControl.
    Microsoft 365 Sync Account Screen
  7. Select SYNC. The Account Status changes to Active. SOTI MobiControl automatically populates over the Microsoft Intune third-party compliance partner management portal.
    M365 Conditional Access Active
    Attention: After a successful sync on Microsoft Intune (known earlier as Microsoft Endpoint Manager), other third-party compliance partners are not be overwritten by SOTI MobiControl. If you want to enable SOTI MobiControl as the compliance partner, you must first manually remove the existing third-party compliance partners from the Microsoft Intune Admin center.
    For example, the following scenarios could occur:
    1. Assume at least one platform (for example, Android) populates by a third-party compliance partner other than SOTI MobiControl, while other platforms (for example, macOS and iOS) remain empty. When you select SYNC, SOTI MobiControl populates the empty platforms, leaving the Android platform with the third-party compliance partner.

    2. If all platforms populate by third-party compliance partners, selecting SYNC fails because SOTI MobiControl as a compliance partner is not added for any platform.

Method Two: Manual Microsoft Intune Compliance Partner Configuration (Configure Compliance Partner Endpoint)

Before you begin

If there are issues with the automatic setup as described in Method One, you can try the following:

Procedure

  1. Open Microsoft Endpoint https://endpoint.microsoft.com/#home and log in with Administrator credentials.
  2. Navigate to Tenant administration > Connectors and tokens > Partner compliance management.
  3. Select Add compliance partner in Basics, then SOTI MobiControl from the Compliance Partner pull-down list.
  4. Select Android from the Platform pull-down list, then select Next.
  5. In Assignments, configure the Included/Excluded groups your single sign-on users belong to.
  6. Select Next. Verify all settings are correctly configured.
  7. Select Create to complete endpoint configuration.
    Note: The Partner status shows as Active after completing Microsoft 365 Conditional Access Integration.
  8. Retry/ try SOTI MobiControl integration with Microsoft 365 Conditional Access using Method One: Automatic Microsoft and SOTI MobiControl Setup (Microsoft 365 Conditional Access Integration)

What to do next

Next, add an Azure directory.