Configure Azure AD based Device Enrollment
As an organization if you are using Azure AD for user management, then you can streamline and automate the Windows 10 device enrollment when a user Signs In to their Work account on the PC. This document guides you on how to setup Automatic enrollment for Windows 10 devices using Azure AD.
By configuring this, when a user from your organization joins the Azure AD or adds a Azure AD based Workplace account then the device is automatically enrolled in Scalefusion Dashboard and becomes managed.
Azure AD Prerequisites - Procure Azure AD Premium License
- You would need an Azure AD Premium license for automatic enrollment.
- Assign the premium license to all the users who you wish to use automatic enrollment. In most cases, by default once you have premium license all users are included in this but please contact your Microsoft Azure AD sales rep to understand how licensing works
Scalefusion Prerequisites - Migrate to Azure AD Based Dashboard Sign In
- If you are already a Scalefusion customer, then please make sure to migrate to Azure AD/Office 365 based Dashboard Sign In. Please use our document here to complete the migration.
- Sign In to Scalefusion using Azure AD credentials
- To setup Azure AD based enrollment you need to Sign In with a user that has Global Admin privileges.
Configure Azure AD Enrollment
Step 1: Setup Azure AD Details on Scalefusion Dashboard
The first step is to provide your Azure AD details to Scalefusion so that you can get the automatic enrollment URL that can be configured in Azure AD portal. Follow the steps below to complete this step,
- Sign In to Scalefusion Dashboard using your Azure AD credentials.
- Sign with a user that has Global Administrator privileges to Azure AD.
- Navigate to Mission Control > Windows Setup. Click on Azure AD Setup
- Scalefusion will ask for permissions to manage your devices. Click on Authorize to view the Azure permissions dialog
- Click Accept, to grant Scalefusion the required permissions.
- On Dashboard, scroll down to see the Azure AD details form. Please provide the details asked for
- Tenant ID: This is your Azure AD Tenant Id. Please sign in to Azure portal and click on your Directory to see it's overview. Here you will find the tenant id.
- Select Default Configuration: Select a device configuration for the devices once they enroll. This is the policy or the profile that will be applied to devices once they automatically enroll. Refer to our enrollment configuration guide for Kiosks and BYOD to create a configuration.
- Oganization Name: Enter your Organization name that will be displayed to the end users. You can provide all the details about your organization under Mission Control > Organization Info.
- Click SAVE to save the details
- You will be shown with additional configuration data as shown below
- MDM Discovery URL: The MDM discovery/enrollment URL
Step 2: Setting up Scalefusion as MDM Provider in Azure AD
Now that you have completed the set up on Scalefusion Dashboard, the next step is to configure Scalefusion as MDM Provider in Azure AD. Follow the steps below to complete the configuration,
- Sign In to https://portal.azure.com and switch to your directory for which you had got the tenant id in Step 1.
- Click on the Mobility (MDM & MAM) option. The application will be listed in the Mobility (MDM & MAM) section in the list of applications once you have completed the Azure AD Setup on Scalefusion Dashboard (Step 1 above).
- Click on the Scalefusion application to configure additional details for the application:
- MDM User Scope: Select All
- Click Save
This completes the setup of Scalefusion and Azure AD to enable automatic enrollment of Windows 10 devices when they are joined to Azure AD or a Work account is added to the device.
For Enrolling Windows 10 Devices using Azure AD please refer to the documents below,