How to Integrate ConfigMgr SCCM CB with Azure AD

How do I integrate ConfigMgr SCCM CB with Azure AD? The SCCM ConfigMgr 1702 Technical Preview version was released a few weeks before.

For more details about the SCCM 1702 Technical Preview version, refer to the article “SCCM ConfigMgr Comes with Azure AD Domain Services Support.” This article provides information on the new features and enhancements in Configuration Manager and Endpoint Manager, including Azure AD Domain Services support.

Last weekend, I got to look at the SCCM 1702 TP version. My SCCM/ConfigMgr TP lab expired as I haven’t upgraded it since last November (1611). The technical preview versions are accumulated, but if you don’t upgrade to the latest version within 90 days, it will expire, and you will need to build one from scratch.

How do we know whether your SCCM CB TP lab has expired? You can see the expiry duration on the top tab of your SCCM console (evaluation 10 days left), or SMS executive and other services will start getting stopped every hour (I’m not sure whether it’s every hour or less).

Apart from the abovementioned points, it won’t get the latest TP updates/build version. If your SCCM TP lab expires, enjoy installing the new one!

• SCCM ConfigMgr Azure AD User Discovery Client Authentication with Cloud Identities MEMCM
• SCCM 2403 New Key Features and Improvements
• Get SCCM Baseline Version Installation Media | ConfigMgr | VLSC | Download`
• SCCM CB Release has Changed 2 Versions per Year | March and September

How to Integrate ConfigMgr SCCM CB 1702 TP Azure AD Integration

Let’s discuss integrating ConfigMgr SCCM CB 1702 Technical Preview with Azure AD. The video provides detailed instructions on the integration process, showing how to connect ConfigMgr SCCM with Azure AD in this version.

SCCM CB 1702 TP Console View – Integrate ConfigMgr SCCM CB with Azure AD

In the SCCM CB 1702 Technical Preview console, you can view and manage the integration of ConfigMgr SCCM CB with Azure AD. The console provides a straightforward interface for setting up and configuring the integration, making it easier to manage and secure your devices and applications.

Add Azure Active Directory
Sign in with AAD admin credentials to initiate SCCM onboarding

So, returning to the topic “How to integrate Azure AD with SCCM/ConfigMgr?” This is a very straightforward process if you already have an Azure subscription and are a global admin.

The add Azure Active Directory button has been made available in the SCCM CB 1702 TP console ribbon menu under the Cloud services section, as shown in the above picture. Click the sign-in button and enter your Azure subscription (probably with global admin access).

Once the above step has been completed, two Azure Applications appear in the SCCM console. These apps are registered during the Azure AD integration path SCCM/ConfigMgr CB. The first app you can see is the SCCM server app, and the second is the SCCM client app.

Another option in the SCCM console is to renew the secret key to register the app in Azure. By default, the secret key has one-year validity.

Azure AD – App Registration View

I could see two apps created in the Azure portal as part of AAD integration with SCCM CB 1702 TP. My Azure Active Directory has three apps—App Registration: the SCCM client, the SCCM server, and the P2P server.

I’m unsure whether the P2P server was created during the Azure AD integration process with SCCM CB. I can confirm that it was not made during SCCM and AAD integration. Also, I’ve not tested the end-to-end scenario of Azure AD domain services integration.

With the SCCM CB 1702 technical preview version, you can manage devices joined to an Azure Active Directory (AAD) Domain Services managed domain. You can also discover devices, users, and groups in that domain with various SCCM Discovery methods.

Conclusion

Is this actual integration with Azure AD and SCCM in all terms? Would SCCM be able to discover the devices and users from Azure AD? The answer to both questions is NO. This feature enables the discovery of Azure AD domain services-managed devices. Azure AD (SaaS identity solution) devices and Azure AD domain services are “Domain Domain Controller installed inside a virtual server hosted in Azure.”

References

• Capabilities in Technical Preview 1702 – Configuration Manager | Microsoft Learn
• Tutorial – Create a Microsoft Entra Domain Services managed domain – Microsoft Entra ID | Microsoft Learn

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.