This week's blog post is about the addition of a new discovery method, as Configuration Manager 1706 introduces the Azure Active Directory User Discovery. This discovery method enables organizations to search Azure AD for user information. It adds the cloud-only users to the Configuration Manager environment and it adds additional attributes to the existing on-premises user objects. The attributes that are discovered are objectId, displayName, mail, mailNickname, onPremisesSecurityIdentifier, userPrincipalName and AAD tenantID. In this post I’ll show how to configure the Azure Active Directory User Discovery and I’ll show a couple of challenges that I faced during the configuration. I’ll end this post with the administrator experience: the configuration options for the administrator and the important places for the administrator to look for additional information.
Let’s start with the configuration, which actually can be as simple as walking through a wizard. During the steps shown below, I’ll show the required steps for the initial cloud services configuration. Some screenshots will indicate that I’ve got multiple cloud services configured already. Before starting with the configuration, it’s good to mention that I always create a separate web app for every cloud service. By doing that I make sure that every web app only has the required permissions for its specific use case. Having said that, follow the next steps to configure the Azure Active Directory User Discovery by creating new web apps.
During my initial configuration of the Azure Active Directory User Discovery, I encountered a few challenges. The most important challenges that I faced are the following.
Now let’s end this post with the most interesting part, the administrator experience. From an administrative perspective, this configuration introduces at least the following new items.
For more information about the Azure AD user discovery and how to use and configure it, please refer to the following articles:
- About discovery methods (section: Azure Active Directory User Discovery): https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/about-discovery-methods#azureaddisc
- Configure discovery methods (section: Configure Azure AD User Discovery): https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/configure-discovery-methods#azureaadisc
- Configure Azure services (section: Create the Azure web app for use with Configuration Manager): https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/Azure-services-wizard#webapp
- Install and assign Configuration Manager clients from the Internet using Azure AD for authentication: https://docs.microsoft.com/en-us/sccm/core/clients/deploy/deploy-clients-cmg-azure