Microsoft has released the Yammer Desktop application for Windows and MacOS – that means that we need to configure Conditional Access to secure our company data.

Before the app was released the only Yammer access that we need to secure on Windows was browser access – now we also need to secure desktop client.

First we need to create a Conditional Access rule for Yammer.

Start the Intune or AzureAD management portal at https://portal.azure.com

Click Conditional Access

CA - Yammer Desktop APP - Configure - 01

Create a new Conditional Access policy – and name it so that it makes sense.

Assign it to all users

CA - Yammer Desktop APP - Configure - 02

Select Cloud App – Office 365 Yammer

CA - Yammer Desktop APP - Configure - 03

Select conditions – Device Platform – only Windows (If you are selection All Platforms – then it will block MacOS after the 1 of august 2017)

CA - Yammer Desktop APP - Configure - 04

Select conditions – Device Platform – Client apps – Select “Mobile apps and desktop clients” (Select also Browser if you what to control Browser access in the same policy)

CA - Yammer Desktop APP - Configure - 05.png

Select Access controls – Grant Access – Require device to be compliant

This will ensure that users can only login and gain access to the company Yammer site when a devices is marked as compliant.

CA - Yammer Desktop APP - Configure - 06 Allow Access

You can also use Block Access if you do not allow access to the yammer app before your company IT department has tested the functionality of the new Yammer App

Now for the user experience :

First of all – it seems like the new Yammer Desktop app is random shown to the user in the web interface.

Download Yammer App.png

Or you can just download it here.

User experience on a compliant device:

First the app need to be installed – There is no commandline switch on the .exe install file or a .msi som the it can be deployed with SCCM or Intune.

CA - Yammer Desktop APP - 01

Then the user need to login

CA - Yammer Desktop APP - 02

And the user have access to Yammer.

CA - Yammer Desktop APP - Configure - 06 Allow Access - User expirence

When a user tries to login to the new Yammer Desktop App from a non-compliant app the user will get a message “You can’t get there from here” that just means – the devices is not compliant.

CA - Yammer Desktop APP - Configure - 05 Block Access - Non Compliant

If the user click more details – it can also be used to troubleshoot

CA - Yammer Desktop APP - Configure - 06 Allow Access - User expirence - 01

If you are using the Block Access policy the user will get this message “You cannot access this right now”

CA - Yammer Desktop APP - 03 - block Access