For frontline workers, every second counts. A security policy designed for desktop computers (e.g., daily MFA prompts) can become a major obstacle on mobile devices and significantly hinder the adoption of your Jint intranet.
The MODA application (Jint Mobile) allows you to apply specific security rules via Microsoft Entra ID (Conditional Access) that are distinct from those applied to the rest of the company.
1. Which Strategy to Choose?
Here are the two recommended configurations to adapt security to field constraints.
| Criteria | Option A: Long Session (Recommended) | Option B: Maximum Fluidity (Permissive) |
|---|---|---|
| Philosophy | "Set & Forget": Strong security at the door, peace of mind afterwards. | "Zero Friction": Absolute priority on speed of access. |
| User Experience | The user completes MFA only once. They are not prompted again for 90 days. | The user enters only their password (or SSO). No MFA is requested. |
| Security Level | ⭐⭐⭐ High (Entra ID Standard). | ⭐ Low (Unless restricted by IP address). |
| Target Audience | Majority of employees (BYOD or Corporate devices). | Temporary workers, shared devices, areas with no mobile signal for SMS. |
Technical Prerequisites
- Global Administrator or Security Administrator access to the Microsoft Entra portal.
- Azure AD Premium P1 license (included in Business Premium, E3, E5).
- The MODA application must be registered in your "Enterprise Applications".
2. How to Configure Option A: "Long Session"
The best balance: we secure the access, but we don't harass the user.
1. Navigate to Entra ID > Protection > Conditional Access.
2. Create a New Policy named "Jint Mobile - 90 Day Session".
3. Users: Select your target groups (e.g., All users or Frontline Workers).
4. Target Resources (Cloud Apps): Select only the MODA application.
5. Conditions > Device Platforms: Select Android and iOS.
6. Grant: Check "Require multifactor authentication".
7. Session (The critical step):
   - Check Sign-in frequency.
   - Set the value to 90 Days (or 30, depending on your internal policy).
   - Check Persistent browser session.
8. Enable the policy ("On") and Create.
3. How to Configure Option B: "Maximum Fluidity"
This option requires bypassing your global security rules.
Step 1: Create the Exception (Exclude Mobile)
You must prevent your main security rule (the one enforcing MFA for everyone) from applying to the mobile app.
1. Open your existing global policy (e.g., "Global MFA Policy").
2. Go to Target Resources > Exclude tab.
3. Check "Select excluded cloud apps" and choose MODA.
4. Save. The application is now exempt from mandatory MFA.
Step 2: Secure Intelligently (Optional but Advised)
To avoid leaving the application completely open, create a specific rule using Trusted Locations:
1. Create a new policy "Jint Mobile - Trusted Locations".
2. Target the MODA application.
3. In Conditions > Locations:
   - Include: Any location.
   - Exclude: All trusted locations (your office/factory IP addresses).
4. In Grant: Select Block access.
Result: The app works without MFA as long as the user is connected to the company Wi-Fi. If the device leaves the factory premises, access is cut off.
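Because Step 2 is optional, the Step 1 exemption can end up with nothing compensating for it. The following Python check is an added example (not part of the original article): it reads policies in the shape of Microsoft Graph `conditionalAccessPolicy` objects and lists apps that are excluded from an enforced MFA policy but covered by no other enforced MFA or trusted-location block policy. The app ID and sample policies are constructed, and user, group and platform scoping is ignored as a simplifying assumption.

```python
MODA = "00000000-0000-0000-0000-0000000000aa"  # placeholder app ID (constructed)

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
POLICIES = [
    {"displayName": "Global MFA Policy", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"],
                                     "excludeApplications": [MODA]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Jint Mobile - Trusted Locations",
     "state": "enabledForReportingButNotEnforced",  # report-only: not enforced
     "conditions": {"applications": {"includeApplications": [MODA]},
                    "locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

def _apps(p):
    return p["conditions"].get("applications", {})

def _controls(p):
    return (p.get("grantControls") or {}).get("builtInControls", [])

def targets(p, app):
    """True if the policy applies to this app (explicitly or via 'All')."""
    inc = _apps(p).get("includeApplications", [])
    exc = _apps(p).get("excludeApplications", [])
    return (app in inc or "All" in inc) and app not in exc

def blocks_untrusted(p, app):
    """True if the policy blocks the app everywhere except trusted locations."""
    loc = p["conditions"].get("locations") or {}
    return ("block" in _controls(p) and targets(p, app)
            and "All" in loc.get("includeLocations", [])
            and "AllTrusted" in loc.get("excludeLocations", []))

def uncovered_exemptions(policies):
    """Apps excluded from an enforced MFA policy with no enforced compensating control."""
    live = [p for p in policies if p["state"] == "enabled"]  # report-only does not count
    exempt = {a for p in live if "mfa" in _controls(p)
              for a in _apps(p).get("excludeApplications", [])}
    return sorted(a for a in exempt
                  if not any("mfa" in _controls(p) and targets(p, a) for p in live)
                  and not any(blocks_untrusted(p, a) for p in live))

if __name__ == "__main__":
    for app in uncovered_exemptions(POLICIES):
        print(f"MFA exemption without enforced location block: {app}")
```

In the constructed sample the location policy is still in report-only mode, so the MODA exemption is reported until that policy is switched to "On".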
FAQ
Does the user need to reinstall the app for this to work?
No. The new access rules will apply the next time their token expires (usually within an hour) or at their next sign-in.
Can I apply Option B only to my temporary workers?
Yes. Conditional Access allows you to target specific Security Groups. You can have Option A for managers and Option B for floor operators.