VMware Workspace ONE Community
AicoHoekman_Siz
Contributor

Secure corporate data in Office 365 with Workspace One

Hi,

I hope anyone can help me out with the following (or maybe point me in the right direction):

GOAL:

We would like to implement secure access to our corporate data (which resides in Office 365 Sharepoint and Onedrive) by only allowing this for Workspace One managed devices. Employee owned devices should not be able to access the Office 365 data without enrolling in WS1 first.

OUR PRESENT INFRASTRUCTURE:

  • Our users have a mix of O365 E1 and E3 licenses
  • No Azure AD Premium licenses present
  • No EMS or Intune licenses present
  • Corporate devices are Windows 10 Azure AD Joined
  • Our Identity Management solution is 3rd party (so no VIDM)
  • We do have VIDM available to put into use

QUESTION:

Am I able to reach the goal without buying extra licenses like AD Premium or Intune? If so, how? If not, what would be the easiest (cheapest) way to achieve the goal? Can I maybe use VIDM in combination with our 3rd party IDP to reach the goal?

I'm not looking for an extensive explanation. A simple nudge in the right direction would already help me.

Thanks

0 Kudos
3 Replies
chengtmskcc
Expert

We have this setup since late April of this year. Based on my understanding, this is how we have our setup:

  • Azure AD Connect to sync with local AD
  • VIDM
  • UEM

Here's the authentication workflow at a high level:

  1. When a device attempts to access O365 data via any MS apps (i.e. Outlook, Word, etc.), it checks with Azure AD.
  2. Azure AD detects the source as mobile and passes the request to VIDM
  3. VIDM checks and confirms with UEM that a) device is enrolled and b) device is compliant
  4. VIDM issues a ticket to Azure AD
  5. Azure AD then issues a ticket back to O365
  6. O365 issues a session token for data sync

We also use another 3rd party but decided it's best to leverage VIDM instead. Hope this helps.

0 Kudos
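The six-step flow in the reply above, modelled as an added example (not code from this thread, VMware, or Microsoft). The UEM device registry, the user and device identifiers, and the shared-key HMAC standing in for the IdP's real SAML/JWT signature are all constructed assumptions; what the model shows is the defender-relevant property the original poster asked for: the relying party never grants an O365 session unless a fresh, genuine assertion explicitly attests that UEM found the device enrolled and compliant, so an unenrolled BYOD device and a forged assertion are both refused.

```python
import hashlib
import hmac
import json
import time

# Constructed stand-in for the UEM device registry; a real deployment would
# query the UEM's device API instead of this dict.
UEM_DEVICES = {
    "udid-corp-001": {"enrolled": True, "compliant": True},
    "udid-corp-002": {"enrolled": True, "compliant": False},  # enrolled but out of policy
}

# Assumption: IdP and relying party share a key for the assertion MAC
# (a production IdP signs SAML/JWT assertions with an asymmetric key instead).
IDP_SIGNING_KEY = b"constructed-demo-key"
ASSERTION_TTL_SECONDS = 300


def uem_device_status(udid):
    """Step 3: the IdP asks UEM whether the device is enrolled and compliant."""
    record = UEM_DEVICES.get(udid)
    if record is None:
        return {"enrolled": False, "compliant": False}
    return dict(record)


def idp_evaluate(user, udid, now=None):
    """Steps 3-4: the IdP only mints an assertion for enrolled, compliant devices.
    Returns (assertion_json, signature) on success or (None, reason) on refusal."""
    status = uem_device_status(udid)
    if not status["enrolled"]:
        return None, "device not enrolled in UEM"
    if not status["compliant"]:
        return None, "device enrolled but not compliant"
    now = int(time.time()) if now is None else now
    assertion = {
        "sub": user,
        "udid": udid,
        "device_compliant": True,
        "iat": now,
        "exp": now + ASSERTION_TTL_SECONDS,
    }
    payload = json.dumps(assertion, sort_keys=True)
    sig = hmac.new(IDP_SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload, sig


def relying_party_accepts(payload, sig, now=None):
    """Step 5: Azure AD (the relying party) accepts only a genuine, unexpired
    assertion that carries an explicit compliance claim."""
    expected = hmac.new(IDP_SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "assertion signature invalid"
    claims = json.loads(payload)
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return False, "assertion expired"
    if claims.get("device_compliant") is not True:
        return False, "assertion lacks compliance claim"
    return True, "ok"


def request_o365_access(user, udid, now=None):
    """Steps 1-6 end to end: returns 'granted' or 'denied: <reason>'."""
    payload, sig_or_reason = idp_evaluate(user, udid, now)
    if payload is None:
        return f"denied: {sig_or_reason}"
    ok, reason = relying_party_accepts(payload, sig_or_reason, now)
    return "granted" if ok else f"denied: {reason}"


if __name__ == "__main__":
    # Corporate compliant, corporate non-compliant, and unenrolled BYOD device
    for udid in ("udid-corp-001", "udid-corp-002", "udid-byod-999"):
        print(udid, "->", request_o365_access("alice", udid))
```

The decision point that matters for the original question sits in `idp_evaluate`: device trust is decided by the IdP's query to UEM, not by Azure AD itself, which is why the reply can achieve managed-device-only access by routing Azure AD authentication through VIDM. The relying party's checks on signature, expiry and the compliance claim are what stop a replayed or hand-built assertion from substituting for that UEM lookup.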
AicoHoekman_Siz
Contributor

Hi Chengtmskcc,

Thanks for the quick response.

Your setup comes pretty close to ours. We don't have a local AD, but seeing your setup that shouldn't make a difference. Do you have Azure AD Premium P1 licenses?

Aico

0 Kudos
chengtmskcc
Expert

That I'm not sure as it's managed exclusively by another team.

0 Kudos