How to Integrate ConfigMgr SCCM CB with Azure AD | Configuration Manager | Endpoint Manager? SCCM ConfigMgr 1702 Technical Preview version has released a few weeks before. More details about SCCM 1702 TP version are available here. Last weekend, I did get a chance to look at SCCM 1702 TP version.
My SCCM/ConfigMgr TP lab expired as I didn’t upgrade the lab since last November (1611 time frame). The technical preview versions are accumulated, but if you don’t upgrade to the latest version within 90 days, it will expire, and you need to build one from scratch.
How do we know whether your SCCM CB TP lab has expired or not? You could either see the expiry duration on the top tab of your SCCM console (evaluation 10 days left), or SMS executive and other services will start getting stopped every hour (I’m not sure whether it’s every hour or less).
Apart from the points mentioned above, it won’t get the latest TP updates/builds version. If your SCCM TP lab expired, then take pleasure in installing the new one!
Video Tutorial How to Integrate ConfigMgr SCCM CB 1702 TP Azure AD Integration – here
SCCM CB 1702 TP Console view – Integrate ConfigMgr SCCM CB with Azure AD
So, coming back to the topic “How to integrate Azure AD with SCCM/ConfigMgr?” This is a very straightforward process if you already have an Azure subscription and you are a global admin of your Azure subscription.
Add Azure Active Directory button has been made available in SCCM CB 1702 TP console ribbon menu, under the Cloud services section, as you can see in the above picture. Click on the sign-in button and enter your Azure subscription (probably with global admin access).
Once the above step has been completed, two Azure Applications appear in the SCCM console. These apps are registered during the Azure AD integration process with SCCM/ConfigMgr CB. The first app you can see is the SCCM server app, and the second one is the SCCM client app.
Another option available in the SCCM console is to renew the secret key used to register the app in Azure. By default, the secret key has one-year validity.
Azure AD – App Registration View
I could see TWO apps created in the Azure portal as part of AAD integration with SCCM CB 1702 TP. There are three apps in my Azure Active Directory – App Registration, and those are the SCCM client, SCCM server, and P2P server.
I’m not sure whether the P2P server got created during the Azure AD integration process with SCCM CB. I can confirm that the P2P server has not been created during SCCM and AAD integration. Also, I’ve not tested the end-to-end scenario of Azure AD domain services integration.
With SCCM CB 1702 technical preview version, you can manage devices joined to an Azure Active Directory (AAD) Domain Services managed domain. You can also discover devices, users, and groups in that domain with various SCCM Discovery methods.
Is this actual integration with Azure AD and SCCM in all terms? Would SCCM be able to discover the devices and users from Azure AD? The answer to both the questions is NO. This feature enables the discovery of Azure AD domain services managed devices. Azure AD (SaaS identity solution) devices and Azure AD domain services are “Domain controller installed inside a virtual server hosted in Azure.”
How to Integrate ConfigMgr SCCM CB with Azure AD | Configuration Manager | Endpoint Manager?
- Use Azure Active Directory Domain Services to manage devices, users, and groups – here
- Get started with Azure AD Domain Services – here
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…