Microsoft Device Compliance: Library Item Configuration

Learn how to add and configure the required Library Items and settings for MSDC

• Microsoft Company Portal (macOS)
• Microsoft Authenticator & Kandji Self Service (iOS & iPadOS)
• User Registration
  • macOS
  • iOS & iPadOS
• Compliance Status

Microsoft Company Portal (macOS)

1. Navigate to Library in the left-hand navigation bar.
2. Click Add New on the top-right, and choose Company Portal.
3. Click Add & Configure.
4. Optionally, assign a Label.
5. Assign to your desired Assignment Maps or Classic Blueprints. If this is the first time deploying MSDC, it is a good idea to deploy to a test blueprint scoped to a limited number of macOS devices so that you can see how it functions when deployed. 
6. For the Installation type, choose Install and continuously enforce.
7. Select an option from the Version Enforcement dropdown. Your options include the following:
   • Do not manage updates
   • Automatically enforce new updates
   • Manually enforce a minimum version
8. Click Save. 

For additional information on settings and options for Auto Apps, please refer to our Auto Apps Overview support article.

Microsoft Authenticator & Kandji Self Service (iOS & iPadOS)

In order to configure MSDC for iOS and iPadOS, you must first Configure Apps and Books, and add the Microsoft Authenticator and Kandji Self Service App Store Apps to your Kandji library. For instructions on adding apps from Apps and Books to Kandji, follow this guide. 

1. Navigate to Library in the left-hand navigation bar.
2. Under App Store Apps, select Microsoft Authenticator.
3. Assign to your desired Assignment Maps or Classic Blueprints. If this is the first time deploying MSDC, it is a good idea to deploy to a test blueprint scoped to a limited number of macOS devices so that you can see how it functions when deployed.
4. Under Installation Type, choose Install and continuously enforce. If Microsoft Authenticator is installed on some devices, this process will not reinstall the app; instead, Kandji will take over its management.
5. In the Microsoft Device Compliance section, toggle the switch On.
6. Click Save.
7. Repeat steps 1-3 for Kandji Self Service, ensuring that both apps are applied to the same Blueprints.

User Registration

macOS

Once the Microsoft Company portal is installed on the Mac, the Kandji agent will attempt to launch the app automatically, following a specific process required by Microsoft so that end users can begin the registration process. For more information about what users should expect, see our Microsoft Device Compliance: User Registration Experience support article.

iOS & iPadOS

Once the Microsoft Authenticator app is installed on a mobile device, users will find an option in the Kandji Self Service app labeled 'Microsoft Device Compliance Device.' This is where they can start the registration process.

Compliance Status

After a user has registered their device, see our Microsoft Device Compliance: Validating Compliance support article to verify the compliance status.