
Register devices with Microsoft Entra ID for Conditional Access

This document provides a step-by-step guide on Microsoft Entra ID device registration for Conditional Access.

Device registration with Microsoft Entra ID is the final step in configuring Conditional Access. Conditional Access restricts access to corporate resources based on compliance and authorization, allowing only secure and authorized devices to access corporate data.

If the user skips registration, they will be asked to register the device when attempting to access resources.

Pre-requisites:

  • The administrator must have a Microsoft Entra ID subscription along with a Microsoft Intune license.
  • Each target user must have a Microsoft Intune license assigned, as both device registration and user participation in device compliance depend on an active Microsoft Intune license.
  • Devices must be enrolled and managed in Hexnode UEM before they can be registered with Microsoft Entra ID. Alternatively, the device owner can be changed to the Entra ID user from the Manage tab in the Hexnode UEM portal.

Setting up Conditional Access with Hexnode UEM

While the first four steps involve initial setup and integration, which are covered in a separate document, this guide focuses on Step 5. Follow the steps below to set up a Conditional Access policy with Hexnode UEM:

  1. Set up Hexnode UEM as a compliance partner in Microsoft Intune.
  2. Create a Conditional Access policy in the Microsoft Entra ID portal.
  3. Integrate Microsoft Entra ID with the Hexnode UEM portal.
  4. Set up Conditional Access in the Hexnode UEM portal.
  5. How to register devices with Microsoft Entra ID.

Step 5: How to register devices with Microsoft Entra ID

For Conditional Access policies to function effectively, devices must be registered with Microsoft Entra ID. Hexnode UEM guides end users through the registration process with a simple workflow.

  • Android & iOS: Authenticator app
  • macOS: Company Portal app

If the above-mentioned apps are not installed on the device, IT admins can manually trigger the installation from the Hexnode UEM portal.

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Manage tab and select the device.
  3. In the Device Summary tab, go to Azure Info. Check for app installation status.
  4. If the required app is missing, click the Try Again icon next to the status.
  5. Once the app is installed, the device registration process can proceed.

Note: To register iOS devices with user enrollment, the Authenticator app must be installed as a VPP app by the IT admin.

When a device initiates registration, Microsoft services verify its identity and link it to the assigned Microsoft Entra ID account.

Once registered, the device will be granted access to organizational resources based on its compliance data provided by Hexnode UEM.

The specific steps for registering a device vary depending on the platform, as detailed in the sections below.

Register Android devices with Microsoft Entra ID

To register an Android device with Microsoft Entra ID, follow the steps below:

  1. Open the Hexnode for Work or Hexnode UEM app on your Android device.
  2. Tap Register with Entra ID and click Continue.
  3. You will be redirected to the Microsoft Authenticator app for registration.
  4. Enter your Microsoft Entra ID credentials and click Sign In. If prompted, enter the account password.
  5. To complete the process, click Register.
  6. After successful registration, you’ll see a prompt confirming the device is registered. Click Continue to complete the flow.

Register iOS devices with Microsoft Entra ID

To register an iOS device with Microsoft Entra ID, follow the steps below:

  1. Open the Hexnode UEM app on your iOS device.
  2. Tap Open Authenticator in the prompt. If the prompt did not appear, tap the menu icon in the top-right corner and tap Register with Entra ID.
  3. You will be redirected to the Microsoft Authenticator app for registration.
  4. Enter your Microsoft Entra ID credentials and click Sign In. If prompted, enter the account password.
  5. To complete the process, click Register.
  6. After successful registration, you’ll see a prompt confirming the device is registered. Click OK.

Register macOS devices with Microsoft Entra ID

To register a macOS device with Microsoft Entra ID, follow the steps below:

  1. Open the Hexnode UEM app on your macOS device.
  2. Click on Register with Entra ID tab to start the registration.
  3. A prompt will appear; click on Register.
  4. Upon clicking Register, you will be redirected to the Company Portal app for registration.
  5. In the Company Portal app, select Sign In, and you will be prompted to enter your Microsoft Entra ID credentials.
  6. After entering the credentials, click Sign In, and then tap Continue.
  7. A confirmation prompt will appear asking you to confirm the registration of the device.
  8. Once confirmed, a prompt will appear indicating that the device has been successfully registered with Microsoft Entra ID.
    Note: Device registration cannot be performed on macOS devices running a version below 11. To register the device with Microsoft Entra ID, it must be upgraded.

If the Company Portal app is already signed in with the same Microsoft Entra ID account assigned to the device, the sign-in process will complete automatically without requiring the user to enter credentials.

What happens if a device is not registered?

If a user attempts to access organizational resources without registering the device with Microsoft Entra ID, they will be prompted to register. Upon clicking the Register button, they will be redirected to the Hexnode UEM app to initiate the device registration process. After being redirected to Hexnode UEM, the user can follow the appropriate steps mentioned above based on their platform to register the device with Microsoft Entra ID.

How to check device registration status from Hexnode?

After registration, IT administrators can verify the device’s registration status from the Hexnode UEM portal. Follow the steps below to check:

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Manage tab and click on the name of the device you want to check.
  3. In the Device Summary tab, go to Azure Info.
  4. Check the Entra ID Registration Status column:
    • If the device is not registered, click the Try Again icon next to the status Info to retry registration.

After clicking on the Try Again icon in the Entra ID Registration Status column, the action can be tracked from the Action History tab. The status will initially display as Initiated until the device registration is completed.

Once the device is successfully registered with Microsoft Entra ID, the action status in the Action History tab will change to Success.

IT admins can view the Microsoft Entra ID account details associated with the registered device from the Device Summary tab under Azure Info after successful registration.
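
To cross-check the portal's registration status from the directory side, the following added example (not Hexnode or Microsoft code) compares a managed-device list with the device objects that Microsoft Graph returns from GET /v1.0/devices. The inventory format, the device names and the join on display name are assumptions, and both data sets are constructed.

```python
import json

# Constructed sample of a Microsoft Graph GET /v1.0/devices response (not real data).
GRAPH_DEVICES = json.loads("""
{"value": [
  {"displayName": "PIXEL-7-ALICE", "operatingSystem": "Android", "trustType": "Workplace", "isCompliant": true},
  {"displayName": "IPHONE-BOB", "operatingSystem": "iOS", "trustType": "Workplace", "isCompliant": false},
  {"displayName": "IPAD-ERIN", "operatingSystem": "iOS", "trustType": "Workplace", "isCompliant": null}
]}
""")

# Constructed list of UEM-managed devices (hypothetical export format).
INVENTORY = [
    {"name": "PIXEL-7-ALICE", "platform": "android", "os_version": "14"},
    {"name": "IPHONE-BOB", "platform": "ios", "os_version": "17.4"},
    {"name": "IPAD-ERIN", "platform": "ios", "os_version": "17.4"},
    {"name": "MBP-CAROL", "platform": "macos", "os_version": "13.6"},
    {"name": "IMAC-DAVE", "platform": "macos", "os_version": "10.15.7"},
]

MIN_MACOS_MAJOR = 11  # per the note above: no registration below macOS 11


def classify(device, graph_by_name):
    """Return one status string for a managed device."""
    record = graph_by_name.get(device["name"].lower())
    if record is None:
        # No directory object: either never registered or unable to register.
        major = int(device["os_version"].split(".")[0])
        if device["platform"] == "macos" and major < MIN_MACOS_MAJOR:
            return "cannot-register-os-too-old"
        return "not-registered"
    compliant = record.get("isCompliant")
    if compliant is None:
        # Registered, but no compliance state has been reported yet.
        return "compliance-unreported"
    return "compliant" if compliant else "non-compliant"


def audit(inventory, graph_response):
    """Map each managed device name to its registration/compliance status."""
    by_name = {d["displayName"].lower(): d for d in graph_response["value"]}
    return {dev["name"]: classify(dev, by_name) for dev in inventory}


if __name__ == "__main__":
    for name, status in audit(INVENTORY, GRAPH_DEVICES).items():
        print(f"{name:15} {status}")
```

Devices reported as not-registered or compliance-unreported are the ones to follow up with the Try Again action described above.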

How to unregister a device from Microsoft Entra ID?

If an IT admin wants to remove a device from the Conditional Access policy, they can change the assigned Microsoft Entra ID user from the Hexnode portal. Assigning a user who is not included under the Conditional Access policy or compliance partner management will effectively exclude the device from enforcement. Follow the steps below to unregister a device:

  1. Log in to your Hexnode UEM console.
  2. Navigate to the Manage tab.
  3. Select the device you want to unregister.
  4. Click on Actions and choose Change Owner from the dropdown.
  5. Click the Select Domain dropdown and choose the appropriate domain. You can select from Local, Active Directory (AD), Microsoft Entra ID, Google Workspace, and Okta (if configured).
  6. Select a new user from the chosen domain who is not subject to Conditional Access policies.
  7. Click Save to confirm the changes.

Once the ownership is updated, the device will no longer be enforced under Conditional Access policies tied to the previous user’s Microsoft Entra ID.
