How to Integrate ConfigMgr SCCM CB with Azure AD | Configuration Manager | Endpoint Manager? SCCM ConfigMgr 1702 Technical Preview version has released a few weeks before. More details about SCCM 1702 TP version are available here. Last weekend, I did get a chance to look at SCCM 1702 TP version.
My SCCM/ConfigMgr TP lab got expired as I didn’t upgrade the lab since last November (1611 time frame). The technical preview versions are cumulate but if you don’t upgrade to the latest version within 90 days then, it will get expired, and you need to build one from scratch.
How do we come to know whether your SCCM CB TP lab has expired or not? You could either see the expiry duration on the top tab of your SCCM console (evaluation 10 days left) or SMS executive and other services will start getting stopped every hour (I’m not very sure whether it’s every hour or less).
Apart from the points mentioned above, it won’t get the latest version of TP updates/builds. If your SCCM TP lab got expired then, take pleasure in installing the new one!
Video Tutorial How to Integrate ConfigMgr SCCM CB 1702 TP Azure AD Integration – here
SCCM CB 1702 TP Console view – Integrate ConfigMgr SCCM CB with Azure AD
So, coming back to the topic “How to integrate Azure AD with SCCM/ConfigMgr?” This is very straight forward process if you already have an azure subscription and you are global admin of your Azure subscription.
Add Azure Active Directory button has made available in SCCM CB 1702 TP console ribbon menu, under Cloud services section as you can see in the above picture. Click on sign in button and enter your Azure subscription (probably with global admin access).
Once the above step has successfully completed then, you could see two Azure Applications appear in the SCCM console. These apps are registered during the Azure AD integration process with SCCM/ConfigMgr CB. The first app that you can see is the SCCM server app and the second one is the SCCM client app.
Another option available in the SCCM console is to renew the secret key used for the registration of the app in Azure. By default, the secret key has one-year validity.
Azure AD – App Registration View :-
I could see TWO apps got created in the Azure portal as part of AAD integration with SCCM CB 1702 TP. There are three apps in my Azure Active Directory – App Registration, and those are SCCM client, SCCM server, and P2P server.
I’m not sure whether the P2P server got created during the Azure AD integration process with SCCM CB. I can confirm that the P2P server has not created during SCCM and AAD integration Also, I’ve not tested the end-to-end scenario of Azure AD domain services integration.
With SCCM CB 1702 technical preview version, you can manage devices those are joined to an Azure Active Directory (AAD) Domain Services managed domain. You can also discover devices, users, and groups in that domain with various SCCM Discovery methods.
Is this actual integration with Azure AD and SCCM in all terms? Would SCCM be able to discover the devices and users from Azure AD? The answer to both the questions is NO. This feature is to enable the discovery for Azure AD domain services managed devices. Azure AD (SaaS identity solution) devices and Azure AD domain services are “Domain controller installed inside a virtual server hosted in Azure.”
How to Integrate ConfigMgr SCCM CB with Azure AD | Configuration Manager | Endpoint Manager?
- Use Azure Active Directory Domain Services to manage devices, users, and groups – here
- Get started with Azure AD Domain Services – here