Microsoft 365: Creating a device access rule

These instructions will enable you to set a device access rule in Microsoft 365 that prohibits devices from connecting unless they are going through Forcepoint ONE SSE. This ensures complete compliance for users across all devices.

Note: These instructions assume that you have already moved through the Voluntary Migration phase and are ready to move to Forced Migration (any users that have not yet migrated to Forcepoint ONE SSE will now be forced to do so).

Steps

  1. Log in to Microsoft 365 as an administrator and navigate to the Exchange Admin Center (in the left column near the bottom under Admin Centers). Once there, navigate to the Mobile > Mobile device access > Device access rules page and click the plus icon to add a device access rule.




  2. On the New device access rule dialog, select the Forcepoint ONE SSE device family and models that were added by Forcepoint ONE SSE upon initial configuration. Select Allow Access.


    Note: In some cases, Microsoft 365 does not populate the device model into the user interface immediately. If the Forcepoint ONE SSE model does not show up, you can also find it by browsing to Exchange Admin Center > Recipients. Select the user whose email was used in Forcepoint ONE SSE to populate the new device type into Microsoft 365. Under Mobile Devices, select View Details and click the plus icon. The device rule can be set up there as well.
  3. Under Exchange ActiveSync settings near the top of the page, click Edit.
  4. Under Connection Settings, click Block Access to block all devices that aren't the Forcepoint ONE SSE model that you added in Step 2.
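
The same procedure can be checked and applied from Exchange Online PowerShell. The script below is an added example, not part of the original Forcepoint instructions: it creates the allow rule, lists the devices whose model differs from the allowed one so you can see who will be affected, and only changes the default to Block when `$Enforce` is set. The account names and the model string are placeholders, and matching on the device model alone is an assumption of this example.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin role.
# Placeholder values (assumptions, not from the original page): replace before running.
$AdminUpn   = 'admin@example.com'                  # placeholder admin account
$PilotUser  = 'pilot.user@example.com'             # placeholder: mailbox already connected through Forcepoint ONE SSE
$AllowModel = '<Forcepoint ONE SSE device model>'  # placeholder: copy from the Get-MobileDevice output below
$Enforce    = $false                               # leave $false for an audit-only run

Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Show the device family (DeviceType) and model that the pilot mailbox reports.
Get-MobileDevice -Mailbox $PilotUser |
    Select-Object FriendlyName, DeviceType, DeviceModel, DeviceAccessState

# Step 2 equivalent: allow the model, unless a matching rule already exists.
$existing = Get-ActiveSyncDeviceAccessRule | Where-Object {
    $_.Characteristic -eq 'DeviceModel' -and $_.QueryString -eq $AllowModel
}
if (-not $existing) {
    New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel `
        -QueryString $AllowModel -AccessLevel Allow
}

# Pre-check: devices whose model differs from the allowed one.
# Other allow rules or per-user exemptions are not evaluated here.
$others = @(Get-MobileDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceModel -ne $AllowModel })
$others | Sort-Object UserDisplayName |
    Format-Table UserDisplayName, DeviceType, DeviceModel, DeviceAccessState -AutoSize
Write-Host "$($others.Count) device(s) report a different model."

# Steps 3 and 4 equivalent: show the current default, then block when enforcing.
Get-ActiveSyncOrganizationSettings | Select-Object DefaultAccessLevel
if ($Enforce) {
    Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Block
    Get-ActiveSyncOrganizationSettings | Select-Object DefaultAccessLevel
}
```

Run it once with `$Enforce = $false` and review the device list before switching to `$true`.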