This step tells MetaAccess (formerly MEM) if you want to enforce device posture check for every request which is forwarded from an IdP when a user accesses to a cloud application. If you have not enabled Access Control, MetaAccess just simply forwards the SAML authentication from IdP to the specified application (service provider) in the request.
To enable Access Control,
Log into the MetaAccess console as an administrator
Navigate to Secure Access and then Protected Apps
Check "Enable secure access".
Enter your PIN to confirm the change.