Integration with Microsoft
beem integrates natively with the Microsoft ecosystem across four key layers — identity, device, endpoint protection, and data governance — so you can keep using familiar Microsoft services while stepping up to Zero Trust networking and security.
Identity & Access - Microsoft Entra ID federation
| Capability | What it does | Edition |
|---|---|---|
| Directory federation with Entra ID | Links your existing Entra ID tenant to beem’s Swisscom One Identity Broker (OneIDB), so users keep their Microsoft credentials and MFA while gaining beem B2B-Passkeys and pass-through SSO. | Standard, Plus & Premium |
| Single Sign-On (SSO) to Microsoft 365 & private apps | Once a user is authenticated to OneIDB, access to Microsoft 365 and any Entra-integrated SaaS or on-premises apps happens automatically. | Plus & Premium |
| B2B-Passkeys on Windows Hello & Azure-joined devices | Users can keep Windows Hello for device sign-in; beem adds a second Passkey-based factor for application access, keeping Entra SSO intact while achieving phishing-resistant NIST AAL3. | Standard, Plus & Premium |
Microsoft Entra ID (formerly Azure Active Directory)
To enable federation with beem, a Microsoft Entra ID P1 licence is required. This may be provided either through a standalone licence or as part of various Microsoft offerings that include Entra ID P1 functionality. If you have any specific questions about your licensing model, please contact your licence provider.
Unified Endpoint Management - Microsoft Intune
Proactive Device Posture
beem can query Intune for compliance status at every login; non-compliant devices are quarantined automatically.
Continuous Posture
The beem app keeps checking Intune during the session for drift and threats.
Endpoint Protection - Microsoft Defender
beem’s Continuous Device Posture Management can ingest signals from Defender for Endpoint (EPP/EDR). You stay in the Defender console for operations while beem enforces network-level policy based on Defender verdicts (e.g., isolate if malware is detected).
Data Governance - Microsoft Purview
Premium edition customers can plug beem’s out-of-band CASB into Purview APIs to apply Microsoft classification labels, scan SharePoint/OneDrive, and trigger beem DLP actions (quarantine, redact, encrypt) from a single policy set.
Microsoft Feature per Edition Matrix
| Microsoft Feature | Standard | Plus | Premium |
|---|---|---|---|
| Entra ID federation | ✓ | ✓ | ✓ |
| Intune posture check | ✓ | ✓ | ✓ |
| Defender signal ingest | ✗ | ✓ | ✓ |
| Purview integration | ✗ | ✗ | ✓ |
Detailed Integration Capabilities by Layer
| Layer | What beem does | Microsoft hooks | Editions |
|---|---|---|---|
| Identity & Access | Direct federation keeps existing UPNs, MFA, and SSO flows intact | Microsoft Entra ID | Standard, Plus, Premium |
| Identity & Access | Passwordless login up to NIST AAL3 | Passkeys / Windows Hello | Standard, Plus, Premium |
| Device Posture | Compliance checked once at sign-in | Intune (Proactive) | Standard, Plus, Premium |
| Device Posture | Live telemetry (patches, AV, disk-crypto) | Defender, beem app (Continuous) | Plus, Premium |
| Endpoint Management | Optional full-lifecycle control; co-exists with Intune | UEM | Plus, Premium |
| Network Security | Context-aware access to Microsoft 365, Azure and on-prem apps | ZTNA | Standard, Plus, Premium |
| Network Security | Hides real client & server IPs | IP Cloaking & App Obfuscation | Standard, Plus, Premium |
| Data Governance | Feeds flow-level telemetry into Microsoft Purview | Purview DLP / eDiscovery | Premium |
What this means in practice
Keep your existing infrastructure
beem integrates natively with the Microsoft stack; your existing Entra ID tenant, Intune policies, and Defender configuration stay exactly as they are.
Granular security that travels with the user
The same Passkey a user employs to unlock Windows Hello also unlocks beem-protected SaaS and private apps on any device.
Upgrade-by-licence, not by project
Move from Basic to Plus or Premium whenever you need deeper posture checks or Purview integration; no migration waves or re-enrolment required.
TIP
Upgrading editions never forces a directory or device migration. Simply assign the new licence in the beem portal; the additional Microsoft integrations activate automatically.
