Product Documentation

Microsoft Azure Active Directory server settings

Feb 22, 2017

Devices running Windows 10 enroll with Azure as a federated means of Active Directory authentication. You can join Windows 10 devices to Microsoft Azure AD in any of the following ways:

  • Enroll in MDM as part of Azure AD Join out-of-the-box the first time the device is powered on.
  • Enroll in MDM as part of Azure AD Join from the Windows Settings page after the device is configured. This feature is not available on Windows 10 Phones.
  • Enroll in MDM as part of Azure AD Join as part of adding a work account on a personal device.

You need a Microsoft Azure Active Directory premium license before you can integrate XenMobile with Microsoft Azure. The license is required to enable MDM integration with Azure AD so that users with Windows 10 devices can enroll using Azure AD. See Microsoft Azure for information about obtaining the premium license. For information about pricing, see Azure Active Directory pricing.

Before Windows device users can enroll with Azure, you must configure the Microsoft Azure server settings in XenMobile, as well as set up a Terms and Conditions device policy for Windows devices. This article describes how to configure the Microsoft Azure settings. For information about configuring a Terms and Conditions device policy for Windows devices, see Terms and conditions device policies.

Before you can set up the Microsoft Azure server settings in XenMobile, you need to log on to the Azure AD portal and do the following:

1. Register your custom domain and verify the domain. For details, see Add your own domain name to Azure Active Directory.

2. Extend your on-premise directory to Azure Active Directory using directory integration tools. For details, see Directory Integration.

3. Make the MDM a relying party of Azure AD. To do so, click Azure Active Directory > Applications and then click Add. Select Add an application from the gallery. Go to MOBILE DEVICE MANAGEMENT, select On-premise MDM application and then save the settings.

4. In the application, configure XenMobile server discovery, terms of use endpoints, and APP ID URI as follows:

  • MDM Discovery URL: https://<FQDN>:8443/zdm/wpe
  • MDM Terms of Use URL: https://<FQDN>:8443/zdm/wpe/tou
  • APP ID URI: https://<FQDN>:8443/

5. Select the on-premise MDM application that you created in step 3 and enable the Manage devices for these users option to enable MDM management for all users or any specific user group.

You also need to note the following information from your Microsoft Azure account in order to configure the settings in the XenMobile console:

  • App ID URI – the URL for the server running XenMobile.
  • Tenant ID – from the Azure application settings page.
  • Client ID – the unique identifier for your app.
  • Key – from the Azure application settings page.

1. In the XenMobile console, click the gear icon in the upper-right corner. The Settings page appears.

2. Under Platforms, click Microsoft Azure. The Microsoft Azure page appears.


3. Configure these settings:

  • App ID URI: Type the URL for the server running XenMobile that you entered when you configured your Azure settings.
  • Tenant ID: Copy this value from the Azure application settings page. In the browser address bar, copy the section made up of numbers and letters. For example, in https://manage.windowsazure.com/acmew.onmicrosoft.com#workspaces/ActiveDirectoryExtension/Directory/abc123-abc123-abc123/onprem ..., the Tenant ID is: abc123-abc123-abc123.
  • Client ID: Copy and paste this value from the Azure Configure page. This is the unique identifier for your app.
  • Key: Copy this value from the Azure application settings page. Under keys, select a duration in the list and then save the setting. You can then copy the key and paste it into this field. A key is required when apps read or write data in Microsoft Azure AD.

4. Click Save.
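The following pre-flight check is an added example, not part of the XenMobile product or the original article. It verifies that the three URLs entered in the Azure application use https, the same FQDN, port 8443 and the paths listed above, and it extracts the Tenant ID from a portal address. The function names, the sample FQDN and the rule that the Tenant ID follows /Directory/ (taken from the example address above) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Paths from step 4 of the Azure AD portal procedure on this page.
EXPECTED_PATHS = {
    "MDM Discovery URL": "/zdm/wpe",
    "MDM Terms of Use URL": "/zdm/wpe/tou",
    "APP ID URI": "/",
}

def check_endpoints(fqdn, entered):
    """Return a list of problems with the URLs entered in the Azure application."""
    problems = []
    for name, path in EXPECTED_PATHS.items():
        value = entered.get(name)
        if not value:
            problems.append(f"{name}: missing")
            continue
        u = urlsplit(value)
        try:
            port = u.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if u.scheme != "https":
            problems.append(f"{name}: scheme must be https")
        if (u.hostname or "").lower() != fqdn.lower():
            problems.append(f"{name}: host must be {fqdn}")
        if port != 8443:
            problems.append(f"{name}: port must be 8443")
        if u.path != path:
            problems.append(f"{name}: path must be {path}")
    return problems

def tenant_id_from_portal_url(url):
    """Assumption: the Tenant ID is the fragment segment after /Directory/,
    as in the example address on this page."""
    m = re.search(r"/Directory/([0-9A-Za-z-]+)", urlsplit(url).fragment)
    return m.group(1) if m else None

if __name__ == "__main__":
    fqdn = "mdm.example.com"  # constructed sample FQDN
    entered = {  # constructed sample values, one deliberately wrong
        "MDM Discovery URL": f"https://{fqdn}:8443/zdm/wpe",
        "MDM Terms of Use URL": f"https://{fqdn}/zdm/wpe/tou",
        "APP ID URI": f"https://{fqdn}:8443/",
    }
    for p in check_endpoints(fqdn, entered):
        print(p)
```

Run it with the values you plan to enter before saving them in either console; an empty result means the three endpoints are consistent with each other.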

Important

When users join Azure AD on their Windows devices, the XenMobile Store and Weblink device policies you configured in XenMobile are available only to Azure AD users, not to local users. For local users to be able to use these device policies, they must do the following:
1. Join Azure AD on behalf of an Azure user in Settings > About > Join Azure AD.
2. Sign out of Windows and then sign in with an Azure AD account.