Hi pbjork,

Thanks for your reply.

I've checked the document you provided. It seems that the solution in the document shows that using VIDM to replace ADFS

So far, we will use VIDM as a claim provider of the ADFS. So, could you please confirm whether the ActiveSync can work with VIDM in this kind of scenario?

Thanks in advance!

If ADFS owns the federation I would suspect legacy authN would have to be handled by ADFS. I don’t see how O365 would know about VMware Identity Manager. Modern authN would support a hybrid implementation where ADFS forwards only what you want to VMware Identity Manager.

Hi pbjork,

Thanks very much for your reply

So, the answer is:
In my environment (using ActiveSync to connect O365 mailboxes) which uses legacy (basic) AUTH cannot achieve the device management purpose if using VIDM with ADFS.

Am I right?

No. Device management have nothing to do with it. You can still do device management. I think you must explain your use case more in detail. Then I’ll try to explain how or what is required.

Hi pbjork,

Here is my requirement:
Only the devices registered in AirWatch can access the Office 365 mailboxes

As the authentication workflow in my original post, when the devices use ActiveSync to access Office 365 mailboxes, Office 365 will delegate to pass the authentication request to the on-premise authentication system (here is VIDM as the claim provider of the ADFS). In this kind of scenario, can my goal be achieved?

TIA

Sounds like you need the power shell method of protecting O365, only allowing managed devices to access using legacy authN. It is a pure AirWatch feature and AFAIK doesn’t care about federation or not. I’m no AirWatch expert but that is my understanding.

Thanks for that.

Could you please forward this to your colleagues to confirm it?

I'd prefer not to pay for a unsupported scenario, even just a test environment.

Thanks very much