Azure Integration without MDM enrollment

Ensure provides a secure, conflict-free access to Entra managed infrastructure for third-party devices – without the overhead of Mobile Device Management (MDM).

Verifying device security without MDM Conflict

Organizations using Entra ID and Windows 365 often face uncertainty when granting access to external users - such as contractors, consultants, or advisors. These users typically operate corporate-managed devices that are already enrolled in a third-party MDM system.

Enrolling a Device into a Second MDM
(e.g., Intune) Results In:

– Overwriting the existing MDM, or
– Blocking access due to IT policies

This Makes Device Posture Checks Difficult Without:

– Violating security policies
– Frustrating users
– Increasing admin overhead

Your antivirus is turned on
Your hard drive is encrypted
Your firewall is turned on
Your OS is not up-to-date
Remote Access Software is running
Passphrase is set
Screen lock is active

How it works

The contractor installs the Ensure device app – a secure, lightweight agent.

The app collects real-time device posture data (e.g., disk encryption, AV/FW status, OS patch level, RA software).

This data is sent to the Ensure platform and integrated with Microsoft Entra Conditional Access via MS Graph API.

Access to Azure or Windows 365 is only granted to devices that meet policy-driven compliance criteria, without altering or unenrolling from the existing MDM.

Compliance Dashboard

Real-time visibility is provided via the Ensure dashboard, offering an up-to-date overview of devices attempting to access your Entra-managed applications or Windows 365.

No specialist training is required—implementation takes just a few hours, after which the system automatically evaluates device compliance and blocks access to any device that does not meet the required security standards.

Guaranteed Strengthening of the Device Security Posture

By adopting the Ensure Assessment App as your standard tool for device posture checks, you demonstrate a strong commitment to third-party security while reinforcing core device protection—freeing your organization to focus on its priorities with confidence.

Why it Matters

Ensure bridges a critical compliance gap that traditional MDM solutions can’t address—enabling secure, policy-driven access for non-corporate devices without disrupting third-party IT environments or existing management systems.

The Ensure Assessment App verifies key security indicators, including operating system update status, encryption, active antivirus and firewall protection, the presence of a passphrase, and an active screen lock. It can also detect if remote access software is running at the time of login, and will block access until such software is deactivated.

Once installed, all future device checks run seamlessly in the background. Ensure is vendor-agnostic, identifying security risks across all device types and operating systems.

Security results are shared with the user, allowing them to self-remediate any detected issues before access is granted.

Features

Enable Ensure via Microsoft Graph API

Define two Conditional Access policies and connect to Ensure:

Integrating your Azure environment with Ensure couldn’t be easier. All you need is an Ensure customer account and admin access to your Entra portal.

Once set up, users register their devices as usual in your Entra system, download the Ensure Assessment App on the device they wish to use, and ensure it meets your defined security posture requirements. That’s it—you’re good to go!