Ensuring Device Level Security with Device Trust
Published: Jul 28, 2017   -   Updated: Jul 18, 2018
Current Release Status: EA (June 2017)
Now you can ensure the security of your mobile devices with a new feature called Device Trust for Microsoft Office 365 Exchange ActiveSync for iOS. Watch Teju as she talks more about this exciting new feature:

Feature Highlights

With the rollout of this feature, you will now be able to:
  1.  Configure the iOS native mail application to use a certificate instead of a password, so that OMM-enrolled users can authenticate to Office 365 Exchange ActiveSync.
  2.  Configure the iOS native mail application client access policy to prevent users with unmanaged devices from accessing Office 365 Exchange ActiveSync.
  3.  Allow end users to SSO seamlessly into their native iOS mail application from OMM-enrolled devices and avoid being locked out of their accounts due to AD password resets.

Best Practices
To get started using this great new feature you should do the following:
  1. First, you’ll need an Office 365 tenant federated to an Okta organization, with at least one license for Exchange Online.
  2. Next, configuring certificate-based authentication in Office 365 requires running a few commands in Azure Active Directory PowerShell, so you’ll need a Windows machine.

Note: This feature is supported on devices running iOS 9 or above that are enrolled in OMM (Okta Mobility Management).

Q: Is this feature available for Android devices?
A: This feature is currently available for iOS devices only.

Q: What should I do if a user has already configured an email profile prior to enrolling in OMM?
A: Because there have been a few issues associated with this, we recommend that your end users delete the manually configured profile from their device.

For additional information related to this feature click here.