Windows 10 devices enroll in MDM through Microsoft Azure Active Directory (Azure AD), which acts as a federated identity provider for Active Directory authentication. A Windows 10 device can join Azure AD, and enroll in XenMobile MDM as part of that join, in any of the following ways:
- Enroll in MDM as part of Azure AD Join out-of-the-box the first time the device is powered on.
- Enroll in MDM as part of Azure AD Join from the Windows Settings page after the device is configured. This feature is not available on Windows 10 Phones.
- Enroll in MDM as part of Azure AD Join when a work account is added on a personal device.
You need a Microsoft Azure Active Directory Premium license before you can integrate XenMobile with Microsoft Azure. The license is required to enable MDM integration with Azure AD so that users with Windows 10 devices can enroll through Azure AD. See Microsoft Azure for information about obtaining the Premium license. For information about pricing, see Azure Active Directory pricing.
Before Windows device users can enroll with Azure, you must configure the Microsoft Azure server settings in XenMobile, as well as set up a Terms and Conditions device policy for Windows devices. This article describes how to configure the Microsoft Azure settings. For information about configuring a Terms and Conditions device policy for Windows devices, see Terms and conditions device policies.
Before you can set up the Microsoft Azure server settings in XenMobile, you need to log on to the Azure AD portal and do the following:
1. Register your custom domain and verify the domain. For details, see Add your own domain name to Azure Active Directory.
2. Extend your on-premises directory to Azure Active Directory using directory integration tools. For details, see Directory Integration.
3. Make the MDM a relying party of Azure AD. To do so, click Azure Active Directory > Applications and then click Add. Select Add an application from the gallery. Go to MOBILE DEVICE MANAGEMENT, select On-premises MDM application and then save the settings.
4. Configure the application with the following values, where <FQDN> is the fully qualified domain name of the server running XenMobile. Both URLs must use HTTPS and the same host and port, because Azure AD hands the discovery URL to the device and the App ID URI identifies that same server as the relying party:
- MDM Discovery URL: https://<FQDN>:8443/zdm/wpe
- APP ID URI: https://<FQDN>:8443/
5. Select the on-premises MDM application that you created in step 3 and enable the Manage devices for these users option, either for all users or for a specific user group. Only users covered by this setting can enroll their Windows 10 devices through Azure AD.
You also need to note the following information from your Microsoft Azure account in order to configure the settings in the XenMobile console:
- App ID URI – the URL for the server running XenMobile.
- Tenant ID – from the Azure application settings page.
- Client ID – the unique identifier for your app.
- Key – from the Azure application settings page.
1. In the XenMobile console, click the gear icon in the upper-right corner. The Settings page appears.
2. Under Platforms, click Microsoft Azure. The Microsoft Azure page appears.
3. Configure these settings:
- App ID URI: Type the URL for the server running XenMobile that you entered when you configured your Azure settings.
- Tenant ID: Copy this value from the Azure application settings page. In the browser address bar, copy the section made up of numbers and letters that follows /Directory/. For example, in https://manage.windowsazure.com/acmew.onmicrosoft.com#workspaces/ActiveDirectoryExtension/Directory/abc123-abc123-abc123/onprem ..., the Tenant ID is abc123-abc123-abc123 (a placeholder; a real Tenant ID is a GUID).
- Client ID: Copy and paste this value from the Azure Configure page. This is the unique identifier for your app.
- Key: Copy this value from the Azure application settings page. Under keys, select a duration in the list and then save the setting. You can then copy the key and paste it into this field. A key is required when apps read or write data in Microsoft Azure AD. The key is a client secret for your tenant: paste it directly into XenMobile rather than storing it in e-mail or a shared document, and record the expiry date implied by the duration you selected so that you can generate a new key and update this field before the old one lapses and enrollment stops working.
4. Click Save.
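The Azure-side steps and the XenMobile console steps above hand the same four values back and forth by copy and paste, and a typo in any of them (an http App ID URI, a discovery URL on a different host, a Tenant ID that was copied one segment off) only surfaces later as a failed enrollment. The following Python script is an added example, not part of this article or of XenMobile, that builds the two URLs from the server FQDN exactly as the article specifies, extracts the Tenant ID from a classic Azure portal address of the form shown above, and checks the four values before you type them into the Microsoft Azure settings page. It assumes that Tenant ID and Client ID are GUIDs (which they are in Azure AD; the article's abc123 value is a placeholder) and that the portal address carries the Tenant ID as the path segment after /Directory/, as in the article's example. The sample FQDN, portal URL and key in the usage block are constructed.

```python
import re
from urllib.parse import urlparse

# Azure AD tenant and application (client) IDs are GUIDs.
GUID_RE = re.compile(
    r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
)


def build_azure_urls(fqdn, port=8443):
    """Return (App ID URI, MDM Discovery URL) for the XenMobile server,
    following the pattern the article gives for the on-premises MDM application."""
    app_id_uri = f"https://{fqdn}:{port}/"
    discovery_url = f"https://{fqdn}:{port}/zdm/wpe"
    return app_id_uri, discovery_url


def extract_tenant_id(portal_url):
    """Pull the Tenant ID out of a classic Azure portal address, where it is the
    path segment after '/Directory/' (the article's copy-from-address-bar step).
    Assumption: the URL has that shape; anything else raises."""
    m = re.search(r"/Directory/([^/]+)", portal_url)
    if not m:
        raise ValueError("no /Directory/<tenant-id> segment in portal URL")
    return m.group(1)


def validate_settings(app_id_uri, discovery_url, tenant_id, client_id, key):
    """Return a list of problems with the values about to be entered on the
    XenMobile Microsoft Azure settings page. An empty list means the values are
    consistent with each other and with the article's required format."""
    problems = []
    app = urlparse(app_id_uri)
    disc = urlparse(discovery_url)

    # Azure AD hands the discovery URL to the device over TLS, and the App ID URI
    # names the relying party: both must be https and point at the same server.
    if app.scheme != "https":
        problems.append("App ID URI must use https")
    if not app_id_uri.endswith("/"):
        problems.append("App ID URI should end with a trailing slash, e.g. https://<FQDN>:8443/")
    if disc.scheme != "https" or disc.netloc != app.netloc:
        problems.append("MDM Discovery URL must use https and the same host:port as the App ID URI")
    if disc.path != "/zdm/wpe":
        problems.append("MDM Discovery URL path must be /zdm/wpe")

    # Tenant ID and Client ID are GUIDs; anything else is usually a mis-copy.
    if not GUID_RE.match(tenant_id):
        problems.append("Tenant ID is not a GUID; re-copy the segment after /Directory/ from the address bar")
    if not GUID_RE.match(client_id):
        problems.append("Client ID is not a GUID; re-copy it from the Azure Configure page")

    # The key is a client secret; leading/trailing whitespace from a copy-paste
    # silently produces a wrong credential.
    if not key or key != key.strip():
        problems.append("Key is empty or has surrounding whitespace; re-copy it from the Azure keys section")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not from a real tenant.
    app_id_uri, discovery_url = build_azure_urls("xms.example.com")
    portal_url = ("https://manage.windowsazure.com/acmew.onmicrosoft.com#workspaces/"
                  "ActiveDirectoryExtension/Directory/"
                  "11111111-2222-3333-4444-555555555555/onprem")
    tenant_id = extract_tenant_id(portal_url)
    client_id = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    key = "constructed-sample-key-value"
    for p in validate_settings(app_id_uri, discovery_url, tenant_id, client_id, key):
        print("problem:", p)
    # Same values with a mistyped http App ID URI, to show a failing check.
    for p in validate_settings("http://xms.example.com:8443/", discovery_url,
                               tenant_id, client_id, key):
        print("problem:", p)
```

Run the script before saving the XenMobile settings; it prints one line per inconsistency and nothing when the four values agree. The host comparison uses the full netloc (host and port), so a discovery URL on port 443 against an App ID URI on 8443 is flagged rather than silently accepted.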