Entra machine groups
Alexandre Cop
sigh
just as well I haven't implemented it, that's what I had been suggested to do by Support.
James McNab
Alexandre Cop Are you planning on implementing SAML provisioning on top of your existing LDAP provisioning with Hybrid joined devices or are you moving to pure SAML based provisioning with Entra joined devices?
If you are using a hybrid approach then you can continue to use AD/LDAP where you need to target devices and use SAML for your user based provisioning.
You can't mix and match SAML and LDAP provisions and restrictions, but where you have pure user-based provisions and restrictions for apps these can be migrated to SAML.
Alexandre Cop
James McNab we're moving to a split scenario this year, where staff devices are Entra joined and Student devices will remain hybrid.
So, the users are not an issue, but I have instances where an app needs to be available on the Staff Desktop, and others only on the Student Desktop.
Student Desktop is not an issue
this year
, but the Staff Desktop is.Hope this clarifies.
James McNab
Hi Alexandre Cop
Yes that is correct, SAML is all user based and doesn't have any concept of devices.
Alexandre Cop
James McNab am I reading correctly that using SAML works for users and user groups, but not device and device groups?
James McNab
Thanks Andy, for anyone else here is a link to the related feature request: https://feedback.appsanywhere.com/feature-requests/p/custom-restriction-fields-in-provision
Since this is related to support for Intune device groups specifically I won't merge it with that one, which is a more specific solution suggestion.
James McNab
A
Andy Corps
Agreed. Simplest solution I can see is to apply a "tag" (via reg or env variable or file) to a device via Intune while deploying the AppsAnywhere client.
This tag could be used as a restriction type.
Stuart Pearson
Agree with this 100%. This is a feature that is absolutely necessary right now.