Configure Azure AD based Device Enrollment

If your organization uses Azure AD for user management, you can streamline and automate Windows 10 device enrollment so that it happens when a user signs in to their work account on the PC. This document explains how to set up automatic enrollment for Windows 10 devices using Azure AD.

Once this is configured, when a user from your organization joins a device to Azure AD or adds an Azure AD based workplace account, the device is automatically enrolled in the Scalefusion Dashboard and becomes managed.

Azure AD Prerequisites - Procure Azure AD Premium License

  1. You need an Azure AD Premium license for automatic enrollment.
  2. Assign the premium license to all the users for whom you want to use automatic enrollment. In most cases, once you have a premium license, all users are included by default, but please contact your Microsoft Azure AD sales rep to understand how licensing works.

Scalefusion Prerequisites - Migrate to Azure AD Based Dashboard Sign In

  1. If you are already a Scalefusion customer, make sure you migrate to Azure AD/Office 365 based Dashboard Sign In. Please use our document here to complete the migration.
  2. Sign in to Scalefusion using Azure AD credentials.
    1. To set up Azure AD based enrollment, you need to sign in as a user that has Global Admin privileges.

Configure Azure AD Enrollment

Step 1: Setup Azure AD Details on Scalefusion Dashboard

The first step is to provide your Azure AD details to Scalefusion so that you can get the automatic enrollment URL that is then configured in the Azure AD portal. Follow the steps below to complete this step:

  1. Sign In to Scalefusion Dashboard using your Azure AD credentials.
    1. Sign in as a user that has Global Administrator privileges in Azure AD.
  2. Navigate to Mission Control > Windows Setup. Click on Azure AD Setup.
  3. Scroll down to see the Azure AD details form and provide the details asked for:
    1. Tenant ID: This is your Azure AD Tenant ID. Sign in to the Azure portal and click on your Directory to see its overview. Here you will find the Tenant ID.
    2. Select Default Configuration: Select a device configuration for the devices once they enroll. This is the policy or the profile that will be applied to devices once they automatically enroll. Refer to our enrollment configuration guide for Kiosks and BYOD to create a configuration.
    3. Organization Name: Enter your organization name, which will be displayed to the end users. You can provide all the details about your organization under Mission Control > Organization Info.
    4. Click SAVE to save the details.
  4. Scalefusion needs additional permissions to manage auto-enrollment, so once you click SAVE, Scalefusion will ask for permissions to manage your devices. Click on Authorize to view the Azure permissions dialog.
  5. Click Accept to grant Scalefusion the required permissions.
  6. Once the permissions are granted, you will be redirected back to the Scalefusion portal, which now shows additional configuration data as shown below.
    1. MDM Terms of Use URL: The terms of use URL that needs to be configured in the Azure AD portal.
    2. MDM Discovery URL: The MDM discovery/enrollment URL that needs to be configured in Azure AD.

Step 2: Setting up Scalefusion as MDM Provider in Azure AD

Now that you have completed the setup on the Scalefusion Dashboard, the next step is to configure Scalefusion as the MDM provider in Azure AD. Follow the steps below to complete the configuration:

  1. Sign In to and switch to the directory for which you obtained the Tenant ID in Step 1.
  2. Click on the Mobility (MDM & MAM) option and then click on Add Application.
  3. Click on On-Premise MDM Application.
  4. Enter Scalefusion as the name for the MDM provider. Click Add.
  5. It will take around a minute for the application to be created and added to the list of applications. Once done, the application will be listed in the Mobility (MDM & MAM) section as shown below.
  6. Click on the Scalefusion application to configure additional details for the application. The following details need to be entered in the form shown:
    1. User Scope: Select All
    2. MDM Terms of Use URL: Copy the MDM Terms of Use URL from Scalefusion Dashboard (Step 1 > 6) and paste it here.
    3. MDM Discovery URL: Copy the MDM Discovery URL from Scalefusion Dashboard (Step 1 > 6) and paste it here.
    4. Click Save once done.
  7. Once the settings are saved, click on On-Premises MDM application settings.
  8. From the list of options, click on Expose an API and click Edit next to Application ID URI.
  9. Edit the URI to and click Save

This completes the setup of Scalefusion and Azure AD to enable automatic enrollment of Windows 10 devices when they are joined to Azure AD or a Work account is added to the device.
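
To confirm the result on a test device after it has joined Azure AD, the following added example (not Scalefusion's own code) compares the tenant and MDM URLs reported by `dsregcmd /status` with the values from Step 1 > 6. The expected URLs and Tenant ID are placeholders, the status text is a constructed sample, and the function names are chosen for this example.

```powershell
# Added example, not Scalefusion's code. Placeholder values (assumptions):
# replace with the Tenant ID and URLs shown on your own Dashboard (Step 1 > 6).
$Expected = @{
    TenantId  = '00000000-0000-0000-0000-000000000000'
    MdmUrl    = 'https://mdm.example.invalid/discovery'
    MdmTouUrl = 'https://mdm.example.invalid/terms'
}

# Constructed sample of the relevant `dsregcmd /status` lines so the script runs
# offline. On a real device use: $StatusText = dsregcmd /status
$StatusText = @'
             AzureAdJoined : YES
                  TenantId : 00000000-0000-0000-0000-000000000000
                    MdmUrl : https://mdm.example.invalid/discovery
                 MdmTouUrl : http://mdm.example.invalid/terms
'@ -split "`r?`n"

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # "Name : value" lines; the value may itself contain ':' (URLs).
        if ($line -match '^\s*(\S+)\s+:\s*(.*)$') { $fields[$Matches[1]] = $Matches[2].Trim() }
    }
    return $fields
}

function Test-MdmEnrollmentConfig {
    param([hashtable]$Status, [hashtable]$Expected)
    $findings = @()
    if ($Status['AzureAdJoined'] -ne 'YES') { $findings += 'Device is not Azure AD joined.' }
    foreach ($key in 'TenantId', 'MdmUrl', 'MdmTouUrl') {
        $actual = $Status[$key]
        $uri = $null
        if ([string]::IsNullOrEmpty($actual)) {
            $findings += "$key is empty: check User Scope and licence assignment."
        } elseif ($key -ne 'TenantId' -and
                  -not ([Uri]::TryCreate($actual, [UriKind]::Absolute, [ref]$uri) -and $uri.Scheme -eq 'https')) {
            $findings += "$key is not an absolute https URL: $actual"
        } elseif ($actual -ne $Expected[$key]) {
            $findings += "$key differs from the Dashboard value: $actual"
        }
    }
    return ,$findings
}

$findings = Test-MdmEnrollmentConfig -Status (ConvertFrom-DsregStatus $StatusText) -Expected $Expected
if ($findings.Count -eq 0) { 'OK: tenant and MDM URLs match the Dashboard.' } else { $findings }
```

With the constructed sample, the script reports the `MdmTouUrl` line because it uses `http` rather than `https`.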

To enroll Windows 10 devices using Azure AD, please refer to the documents below:

  1. Enrolling Windows devices using Azure AD: Use this document to enroll devices that are already in the field and are being used by your employees.
  2. Out of Box Enrollment with Azure AD: Use this document to enroll devices that are yet to be distributed and can be enrolled right out of the box.
