Zero Trust, a modern security framework pioneered in part by VMware, is built on the premise of continually verifying user and device trustworthiness before allowing least privileged access to enterprise applications and data. As organizations work to create the most seamless possible employee experience for the Anywhere Workspace, they must pay special attention to security because the Anywhere Workspace, by definition, operates outside the secure corporate perimeter. A fundamentally different approach is required, which is why Zero Trust applies the concept of conditional access that’s seamless to the user yet reduces the attack surface wherever possible.
In 2019, VMware announced an unprecedented technology partnership with Microsoft designed to drive outstanding value across critical use cases for our mutual customers. Increased functionality resulted from this partnership on both ends, and now we’re announcing another advancement. Last year we enabled Azure AD Conditional Access for iOS and Android and Windows 10 devices. With that enablement, Workspace ONE delivers device posture (enrollment and compliance status) to Microsoft Endpoint Manager (MEM). In other words, Workspace ONE provides the signals to MEM, which are then consumed by Conditional Access policies for decision-making.
This same functionality is now in public preview for macOS devices. As such, conditional access policies can apply to macOS devices managed by Workspace ONE. In our Early Access portal, you can find the relevant documentation on adding macOS to your conditional access policies (linked below). For awareness, you’ll need the following pre-requisites to try it out:
- Workspace ONE Intelligent Hub for macOS version 21.11
- Workspace ONE UEM version 2111 (Build COM-CN-40538 or above)
- Intune licensing for each macOS user
- Membership to the Workspace ONE Intelligent Hub for macOS Early Access portal (for documentation)
As you test this new preview functionality, please be sure to submit feedback in the Early Access portal. This is the most direct route to get this feedback to our developers.
- VMware Early Access Portal – Join the Intelligent Hub for macOS Beta
- Configuring Intune to work with a device compliance partner
- Configuring Workspace ONE to send compliance data to Microsoft
- The Workspace ONE and Azure AD Conditional Access integration is now available – Original announcement for support on iOS and Android
- Microsoft Intune Licensing