Preventing Office 365 login on unmanaged devices.

PaulMc
Here to help

I'm getting to where I need to be with Meraki, and am now looking at my next step.

I'm wanting to prevent Office 365 login on non-compliant devices, i.e., our users cannot access SharePoint on any device that isn't enrolled in Meraki SM.

From my understanding, I need to purchase additional licenses for O365 (we only have the Business Premium licenses). Is this correct, or can Meraki do this without the need for additional Microsoft licensing?

Thanks in advance!

MacuserJim
A model citizen

I don't see how Meraki would be able to limit users from logging into O365 if Systems Manager is not installed on a device. It would need to be a feature within O365 to force a certain type of authentication, i.e. Meraki.

Thanks Macuser Jim!

What I mean is - preventing staff from logging into SharePoint and other 365 applications UNLESS they're on a Meraki-enrolled and compliant device.

I have full admin access to the 365 portal, so can create whatever certificates or profiles are necessary. I know it's possible, but just wanted to know if there's a way to do it on a standard Business Premium license?

PhilipDAth
Kind of a big deal

I don't believe there is any way to do this, on any licence. It would need to be an Office 365 feature.

T1
Building a reputation

Theoretically you could leverage O365 certificate-based sign-on given that:

1. You can make Meraki-issued client SCEP certificates work with O365. (There is an option to add the Meraki CA certificate to a 3rd-party certificate chain.)

2. Or you can use an O365-based CA and issue client certificates as part of the Meraki payload. In this case you may be able to push the certificate based on compliance state. Also, check whether the O365 CA requires an Azure AD Premium subscription. I believe all O365 subscribers have at least an Azure AD basic subscription.

PaulMc
Here to help

Where do I find / generate certificates in O365? Googling like crazy here, but can't find anything at all...
