Certified: August 30, 2025

Solution Summary

This article describes the configuration steps involved in utilizing the RSA Device Trust Connector for Microsoft Edge for Business.

Note: This feature is unavailable for FedRAMP customers.

  
The connector utilizes device signals from Microsoft Edge to ensure that only verified and managed endpoints are granted access to critical applications. By combining strong identity authentication with device posture checks, you enhance security beyond just verifying user identity, advancing Zero Trust maturity without the need for complex configurations.

  
Organizations want to ensure that only managed and compliant devices—in addition to authenticated users—can access sensitive applications. 

  
Using the RSA Device Trust Connector, Microsoft Edge for Business can interact with RSA to validate device trust and user session context before permitting access to specified URLs or applications.

Configuration Summary

This section contains instruction steps that show how to configure RSA Device Trust Connector for Microsoft Edge for Business on RSA Cloud Access Service (CAS).
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. 
All RSA and Microsoft components must be installed and working prior to the integration.
   

Configure Microsoft Entra

If RSA provides the App Registration, skip the next section and continue to Set Up RSA Connector in Microsoft Entra. If a custom app registration is required, proceed with the following section.

Create an App Registration in Microsoft Entra

This section describes how to create an app registration in Microsoft Entra. This will be used by CAS to authenticate to the Device Trust API provided by Microsoft Edge for Business. 

  
Follow these steps to configure app registration on Microsoft Entra and assign it the necessary permissions.

Procedure 

1. Log in to the Microsoft Entra admin center https://entra.microsoft.com/.
2. Click App registrations > New registration.
   
3. Provide a name for the application.
4. Under Supported Account Types, choose Accounts in this organizational directory only and click Register.
   
5. Navigate to the newly created app registration. Create a new client secret for your application. Take a note of the Value field after the client secret is created, as this will be used later in the RSA configuration.
   
6. In the left pane, under the Manage section, click API permissions > Add permission.
   
7. On the Request API permissions screen, navigate to the APIs my organization uses tab.
8. Search for Microsoft Edge management service and choose the resulting row.
   
9. Choose Application permissions and add the DeviceTrust.Read.All permission.
   
10. Once the permission is added, click Grant admin consent.
    

Set Up RSA Connector in Microsoft Entra

Procedure

1. Navigate to Microsoft Admin Center: https://admin.microsoft.com/Adminportal/Home#/Edge/Connectors. 
   Note: Admins must set up a configuration policy first to assign to any Connector configuration. Follow this article to create a configuration policy. 
2. At the end of the policy setup, apply the policy to a group.
   
3. Once a configuration policy is created, navigate to the connectors page in the Edge Management Service: https://admin.microsoft.com/Adminportal/Home#/Edge/Connectors.
4. Under Discover Connectors, locate the RSA Device Trust Connector and select Set up.
5. In the Choose policy field, select a policy appropriate for your connector configuration.
6. In the URL patterns to allow, one per line field, provide the URL for your configuration.
7. In the Enable RSA managed application field, choose whether to Allow RSA to manage on your behalf or manage your own application based on your configuration. If the app registration is managed by RSA, choose Allow RSA to manage on your behalf and ensure that the Application (client ID) field is prefilled with the following ID. If not, add it manually.
   Application (client) ID: d21ccd7c-c4fd-41ca-bcac-4960f20041a7
   
8. Click Save configuration to apply your changes.

Configure CAS

Perform these steps to configure the Microsoft Edge for Business connector in RSA and use the managedBrowser attribute in access policies.
Procedure 

1. Navigate to Access > Managed Browser.
2. Enable the configuration by switching the Enabled toggle button on.
3. Enter your organization’s Microsoft Entra ID.

If the app registration was not done and provided by RSA:

1. 1. Choose Non-RSA Managed in the Application Type drop-down list.
   2. Enter Client ID (ID of the app registration done earlier).
   3. Enter Client Secret (the client secret of the registered app).
      

If the app registration was provided by RSA, select RSA Managed in the Application Type drop-down list.

4. Click Save.

Create an Authentication Policy Using managedBrowser Attribute

1. Navigate to Access > Policies.
2. Create a policy with Conditional Access to include the managed browser attribute from RSA Microsoft Edge connector.
    

Test the User Flow

Launch the Edge browser, sign in with an account that belongs to the tenant and group associated with the configured Edge policy, go to edge://policy, and click Reload Policies. You should see the policy appear in the list of policies.
At this point, the device trust flow should initiate when the end user visits one of the URLs specified in the policy (that is, the RSA Cloud Authentication URL).

RSA Terminology Changes

The following table describes the differences in the terminologies used in the different versions of RSA products and components. 

Certification Details

CAS

Microsoft Edge for Business 

Known Issues

No known issues.