Authentication in SCA is based on the Microsoft Authentication Library (MSAL).
MSAL authenticates users and acquires tokens from Azure Active Directory (AAD) to access company data. It is used to log in to SCA against the Microsoft Azure AD Enterprise App “Provectus - Secure Contacts” using an AAD account. This Azure Enterprise App is the service principal for SCA in your tenant, that is, the local representation of the global application object of SCA. In terms of authentication, the Enterprise App acts as a trusted client that can authenticate users and request tokens on their behalf.
In other words, it defines what the app can actually do in your tenant, who can access the app, and what resources the app can access.
The App ID of “Provectus - Secure Contacts” is 76d61813-1886-40f8-a065-8ca490a108f6.
You configure Azure AD authentication and user account security (password, login factors, etc.) yourself, so you decide which account security configuration to apply. Microsoft Conditional Access is used to control which devices can use the app. This makes it possible to decide, for example, that the app may only be used on company-owned devices, devices managed via MDM, or private devices.
We recommend using an App Configuration Policy and an App Protection Policy in Intune, and additionally enforcing your configuration via Conditional Access.
You also configure the Microsoft Conditional Access policies yourself. You decide on the configuration, e.g. which users are allowed access and which are not.
We only make recommendations in this regard.
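To check that Conditional Access really restricts SCA to the devices you intend, the following added example (not part of the vendor's documentation or code) audits a policy export for the App ID given above. It assumes the policies follow the Microsoft Graph `conditionalAccessPolicy` shape; the sample policies, their names, the second app ID, and the helper `make_policy` are constructed for illustration.

```python
SCA_APP_ID = "76d61813-1886-40f8-a065-8ca490a108f6"  # App ID stated on this page
# Grant controls that tie access to the device or to an app protection policy
DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice", "compliantApplication"}

def make_policy(name, state, apps, operator, controls, excluded=()):
    # Hypothetical helper: builds a constructed policy in the Graph policy shape
    return {"displayName": name, "state": state,
            "conditions": {"applications": {"includeApplications": list(apps),
                                            "excludeApplications": list(excluded)}},
            "grantControls": {"operator": operator, "builtInControls": list(controls)}}

# Constructed sample export, not taken from a real tenant
SAMPLE = [
    make_policy("SCA managed devices", "enabled", [SCA_APP_ID], "OR",
                ["compliantDevice", "compliantApplication"]),
    make_policy("All apps MFA or compliant", "enabled", ["All"], "OR",
                ["mfa", "compliantDevice"]),
    make_policy("SCA pilot", "enabledForReportingButNotEnforced", [SCA_APP_ID], "AND",
                ["mfa", "compliantDevice"]),
    make_policy("Other app", "enabled", ["00000000-0000-0000-0000-000000000001"], "AND",
                ["compliantDevice"]),
]

def targets_sca(policy):
    apps = policy["conditions"]["applications"]
    if SCA_APP_ID in apps.get("excludeApplications", []):
        return False
    included = apps.get("includeApplications", [])
    return SCA_APP_ID in included or "All" in included

def requires_device_control(policy):
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls", []))
    if grant.get("operator") == "AND":
        return bool(controls & DEVICE_CONTROLS)
    # OR: any single control grants access, so every alternative must be device-based
    return bool(controls) and controls <= DEVICE_CONTROLS

def audit(policies):
    """Map each policy that targets SCA to its effect on device restriction."""
    result = {}
    for p in filter(targets_sca, policies):
        enforced = p.get("state") == "enabled"
        strict = requires_device_control(p)
        result[p["displayName"]] = ("not-enforced" if not enforced else
            "device-control-required" if strict else "device-control-optional")
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A policy reported as `device-control-optional` lets a user satisfy the grant with another control (MFA in the sample), and `not-enforced` covers report-only and disabled policies.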