How to Configure MDM Integration?
Please note all the SkypeShield App settings will not appear unless the "SkypeShield App use required" Settings is set to "Yes".
MDM Integration
SkypeShield App use required - Require users to download the SkypeShield mobile app to pre approve their device.
Skypeshield App Deployment - MDM product that will be deploying the SkypeShield app
SkypeShield App use required for every sign-in - SkypeShield App use required for every sign-in or just for device registration.
Access Portal registration requires SkypeShield App - Require the end user to use the launcher for first sign in, even if they self registered the device using the Admin Portal.
SkypeShield App activation time-out - Maximum amount of minutes permitted between SkypeShield App activation and sign in.
OOC registration validation - What is the is the OOC policy for registration.
Block if found OOC
will only block a device if it will find a record in MDM devices that is OOC .
Registration will be allowed also if no matching device is found.
Block if found OOC or if no device found
Block if reported as OOC and block if no matching device is found
SkypeShield app meeting
Users enter real meeting to complete registration - As part of the SkypeShield app pairing process, devices will enter a secure meeting. If this setting is enabled, the user will enter the meeting and receive a message informing them that the process is complete. If this option is not selected they will attempt to enter the meeting, but see an error message. The pairing process will complete either way.
This feature requires UCMA to be configured
Redirection to app from Skype for Business client
HTML to display when redirection not possible - HTML page users see explaining their error. To customize the page and error messages displayed, edit this HTML carefully.
Automatically redirect user to SkypeShield App where required - If SphereShield detects that a user is attempting to sign in with a device that doesn't have a SkypeShield app paired with it, it will redirect the user to a webpage. If the user doesn't have the app installed, they'll be shown an explanation of the requirements.
SkypeShield App redirect page HTML - Edit the HTML provided to customize the page that the user sees during the redirection process.
App settings for MDM
Company name - Company name as set in the launcher.
Require MDM username to match SfB AD account - This setting is only relevant while registering a device by joining as guest and not signing in with a user name.
Set this to No when the MDM integration is not available for the platform in use.
Automatically update changed SfB Endpoint ID - If the SfB Endpoint ID changes, SphereShield can securely update the device record using the SkypeShield App.
MDM Proxy
Connect to MDM API through a proxy - Set to yes to Connect to MDM API through a proxy
MDM Vendors
Enable your MDM vender to open MDM configuration and credentials for your deployment
MDM Compliance Check
The MDM Compliance Check verifies periodically that all registered devices are currently managed and not listed as Out Of Compliance in your MDM solution. Devices out of compliance are blocked, which will terminate existing Skype for Business sessions and prevent signing in.
This verification is done on regular Maintenance Service intervals.
Additionally, this check can be run On Demand by clicking the Run MDM compliance check button.
Run MDM tasks of maintenance now - Run the MDM tasks that are enabled in the maintenance service like filling MDM data or OOC check
Download MDM response to file - Save MDM response to file on each MDM task run. The response downloading will be stopped on the next IIS restart.