for Microsoft 365
We would like to announce the release information of the HDE Access Control service.
HDE Access Control now supports AzureAD Join for licence verification(*) when Windows10 is initially set up.
(*) As of December, 2018, the license verification for Windows10 utilizes legacy authentication(WS-Trust).
The previous Access Control accepted the legacy authentication(WS-Trust) only via general rich client applications.
Please refer to the following user agent used when licence verification is conducted via AzureAD Join, as of December, 2018.
Windows-AzureAD-Authentication-Provider/1.0
The string of the user agent may be changed without notice in accordance with Microsoft,Inc upgrade.
However, we recommend customers who want to control the legacy authentication(WS-Trust) set the following string to
"Condition to allow Desktop/Mobile application access" on Access Policy Group.
uastr:"%Windows-AzureAD-Authentication-Provider%"
In addition, in cases where you setup/logon Windows10 via AzureAD Join, direct login, which will not go through HDE One authentication,
is enabled when you access Microsoft 365 on Internet Exproler or Microsoft Edge after the logon.
This is expected behaviour based on AzureAD Join.
On the other hand, in cases where you logon Windows10 via any logon methods other than Azure Active Directory authentication(AzureAD Join)(*2),
the login will go through HDE Access Control regardless of access browsers.
(*2.) Windows Local Accounts(Workgroups)/ Windows logon with on-premise Active Directory domain participation