Configure Azure AD based Device Enrollment

If your organization uses Azure AD for user management, you can streamline and automate Windows 10 device enrollment so that it happens when a user signs in to their work account on the PC. This document explains how to set up automatic enrollment for Windows 10 devices using Azure AD.

Once this is configured, when a user from your organization joins a device to Azure AD or adds an Azure AD based Workplace account, the device is automatically enrolled in the Scalefusion Dashboard and becomes managed.

Azure AD Prerequisites - Procure Azure AD Premium License

  1. You need an Azure AD Premium license for automatic enrollment.
  2. Assign the premium license to all the users for whom you wish to use automatic enrollment. In most cases, once you have a premium license, all users are included by default, but please contact your Microsoft Azure AD sales rep to understand how licensing works.

Scalefusion Prerequisites - Migrate to Azure AD Based Dashboard Sign In

  1. If you are already a Scalefusion customer, please make sure to migrate to Azure AD/Office 365 based Dashboard Sign In. Please use our document here to complete the migration.
  2. Sign in to Scalefusion using Azure AD credentials.
    1. To set up Azure AD based enrollment, you need to sign in with a user that has Global Admin privileges.

Configure Azure AD Enrollment

Step 1: Set Up Azure AD Details on Scalefusion Dashboard

The first step is to provide your Azure AD details to Scalefusion so that you can get the automatic enrollment URL that can be configured in the Azure AD portal. Follow the steps below to complete this step:

  1. Sign In to Scalefusion Dashboard using your Azure AD credentials.
    1. Sign in with a user that has Global Administrator privileges in Azure AD.
  2. Navigate to Getting Started > Windows Setup. Click on Azure AD Setup.
  3. Scalefusion will ask for permissions to manage your devices. Click on Authorize to view the Azure permissions dialog.
  4. Click Accept to grant Scalefusion the required permissions.
  5. On the Dashboard, scroll down to see the Azure AD details form. Please provide the details asked for:
    1. Tenant ID: This is your Azure AD Tenant ID. Please sign in to the Azure portal and click on your Directory to see its overview. Here you will find the tenant ID.
    2. Select Default Configuration: Select a device configuration for the devices once they enroll. This is the policy or the profile that will be applied to devices once they automatically enroll. Refer to our enrollment configuration guide for Kiosks and BYOD to create a configuration.
    3. Organization Name: Enter your organization name that will be displayed to the end users. You can provide all the details about your organization under Mission Control > Organization Info.
    4. Click SAVE to save the details.
  6. You will be shown additional configuration data:
    1. MDM Terms of Use URL: The terms of use URL
    2. MDM Discovery URL: The MDM discovery/enrollment URL
These URLs will also be reflected in the Azure AD portal.

Step 2: Setting up Scalefusion as MDM Provider in Azure AD

Now that you have completed the setup on the Scalefusion Dashboard, the next step is to configure Scalefusion as the MDM Provider in Azure AD. Follow the steps below to complete the configuration:

  1. Sign in to the Azure portal and switch to the directory for which you obtained the tenant ID in Step 1.
  2. Click on the Mobility (MDM & MAM) option. The application will be listed in the Mobility (MDM & MAM) section in the list of applications once you have completed the Azure AD Setup on Scalefusion Dashboard (Step 1 above).
An administrator who has a Scalefusion subscription and has done the Azure AD Setup on Scalefusion Dashboard (Step 1 above) will have the Scalefusion application automatically listed under Mobility (MDM & MAM).
  3. Click on the Scalefusion application to configure additional details for the application:
    1. MDM User Scope: Select All
    2. Click Save

This completes the setup of Scalefusion and Azure AD to enable automatic enrollment of Windows 10 devices when they are joined to Azure AD or a Work account is added to the device.
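
To confirm the result on an Azure AD joined Windows 10 PC, the following added example (not part of Scalefusion's documentation or code) parses the output of the built-in dsregcmd /status command and checks that the device is joined to the expected tenant and that the tenant advertises the MDM Discovery and Terms of Use URLs from Step 1. The function name, the tenant ID and the example.invalid URLs are placeholders and constructed sample values; substitute the values shown on your Azure AD details form.

```powershell
# Added example: verify Azure AD join state and advertised MDM URLs on a device.
# Test-AadMdmConfig is a hypothetical helper name, not a Scalefusion or Microsoft cmdlet.
function Test-AadMdmConfig {
    param(
        [string[]]$StatusLines,                       # text of `dsregcmd /status`
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$MdmDiscoveryUrl,
        [Parameter(Mandatory)][string]$MdmTermsOfUseUrl
    )
    # dsregcmd prints "Key : Value" pairs; keep the first occurrence of each key.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$' -and -not $state.ContainsKey($Matches[1])) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $checks = [ordered]@{
        AzureAdJoined = ($state['AzureAdJoined'] -eq 'YES')
        TenantId      = ($state['TenantId'] -eq $TenantId)
        MdmUrl        = ($state['MdmUrl'] -eq $MdmDiscoveryUrl)    # empty: no MDM URL was handed to the device
        MdmTouUrl     = ($state['MdmTouUrl'] -eq $MdmTermsOfUseUrl)
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Found = $state[$name]; Pass = $checks[$name] }
    }
}

# Constructed sample lines so the example runs anywhere.
# On a real device use:  $lines = dsregcmd /status
$lines = @(
    '             AzureAdJoined : YES',
    '',
    '                  TenantId : 00000000-0000-0000-0000-000000000000',
    '                    MdmUrl : https://mdm.example.invalid/discovery',
    '                 MdmTouUrl : https://mdm.example.invalid/terms'
)

$results = Test-AadMdmConfig -StatusLines $lines `
    -TenantId '00000000-0000-0000-0000-000000000000' `
    -MdmDiscoveryUrl 'https://mdm.example.invalid/discovery' `
    -MdmTermsOfUseUrl 'https://mdm.example.invalid/terms'

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { Write-Warning 'Device does not match the expected Azure AD / MDM configuration.' }
```

A failed MdmUrl check on a joined device is a reason to recheck the MDM User Scope and the URLs configured in Step 2.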

For enrolling Windows 10 devices using Azure AD, please refer to the documents below:

  1. Enrolling Windows devices using Azure AD: Use this document to enroll devices that are already in the field and are being used by your employees.
  2. Out of Box Enrollment with Azure AD: Use this document to enroll devices that are yet to be distributed and can be enrolled right out of the box.
