
Integrate Active Directory (AD)

In any organization, AD plays an important role thanks to its extensive capabilities, including but not restricted to user management, identity management and authentication. Integrating AD with MDM lets MDM leverage these capabilities to further device management. You need to use an Azure account with global administrator privileges to integrate Entra ID (formerly Azure AD) with MDM Cloud.

Advantages of AD Integration

  • Enrollment through AD credentials: In enrollment by invites, employees can use their AD credentials to authenticate themselves and enroll devices, instead of using an OTP. In addition, AD credentials can be used as part of two-factor authentication to further improve security.
  • AD-based self enrollment: Employees can also use their AD credentials to enroll their devices using self enrollment, provided the domain has been verified.
  • Logging in through AD credentials: Technicians can use AD credentials to log in to the MDM Cloud web client.
  • Restrict self enrollment: Self enrollment can be permitted for specific AD groups.
  • User auto-suggest: Adding AD users ensures these users are auto-suggested when creating enrollment requests.

If you integrate your AD with MDM, you can have the AD user details imported to MDM, as explained here.

Setting up Entra ID (formerly Azure AD) in MDM

You need to follow the steps below to integrate your Entra ID with MDM:

  • On the MDM Server, click the Enrollment tab in the top menu and select Active Directory (AD) Integration from the left pane.
  • Click Add Entra ID and then click Authorize Now to authorize MDM to access your AD details.
  • On clicking, a new window opens, where you need to provide your Entra ID administrator credentials. Once done, click Accept after viewing all the requisite permissions needed by MDM for integration. MDM requires all the permissions listed.
  • Once the integration is successful, you will be redirected back to the MDM server. If you want to use AD credentials for self enrollment, select the option Use the above Active Directory for authentication and click Finish. Also, to enable self enrollment using AD, you need to verify the organization domain.

Permissions required by MDM

Here is the list of permissions required by MDM for integrating Entra ID (formerly Azure AD):

  • Read all users' profiles
  • Read and write domains
  • Sign in and read user profile
  • Read and write all groups
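
To check after authorization that the consent MDM holds matches the list above and nothing more, the following added example (not part of the original page or the product) compares an app's delegated consent grants with the documented display names. It assumes JSON in the shape of Microsoft Graph's oauth2PermissionGrant and oauth2PermissionScopes objects; the sample data, scope values, client ID and function name are constructed for illustration.

```python
import json

# Display names of the permissions the page lists as required by MDM.
DOCUMENTED = {"Read all users' profiles", "Read and write domains",
              "Sign in and read user profile", "Read and write all groups"}

# Constructed sample in the shape of a resource service principal's
# oauth2PermissionScopes. The scope values and their pairing with the page's
# display names are assumptions; read the real ones from your own tenant.
SAMPLE_SCOPES = json.loads("""[
  {"value": "User.Read", "adminConsentDisplayName": "Sign in and read user profile"},
  {"value": "User.Read.All", "adminConsentDisplayName": "Read all users' profiles"},
  {"value": "Domain.ReadWrite.All", "adminConsentDisplayName": "Read and write domains"},
  {"value": "Group.ReadWrite.All", "adminConsentDisplayName": "Read and write all groups"}
]""")

# Constructed sample in the shape of oauth2PermissionGrant objects for the MDM
# app; "mdm-app-placeholder" and "Example.Extra.Scope" are placeholders.
SAMPLE_GRANTS = json.loads("""[
  {"clientId": "mdm-app-placeholder", "consentType": "AllPrincipals",
   "scope": " User.Read User.Read.All Group.ReadWrite.All"},
  {"clientId": "mdm-app-placeholder", "consentType": "Principal",
   "scope": "Example.Extra.Scope"}
]""")


def audit_consent(grants, published_scopes, documented=DOCUMENTED):
    """Report granted scopes outside the documented list, and documented ones not granted."""
    names = {s["value"].lower(): s["adminConsentDisplayName"] for s in published_scopes}
    granted = {}  # scope value -> display name (raw value when unpublished)
    for grant in grants:
        for value in grant.get("scope", "").split():
            granted[value] = names.get(value.lower(), value)
    wanted = {d.casefold() for d in documented}
    have = {n.casefold() for n in granted.values()}
    return {
        "extra": sorted(v for v, n in granted.items() if n.casefold() not in wanted),
        "missing": sorted(d for d in documented if d.casefold() not in have),
        # AllPrincipals means the consent applies to every user in the tenant.
        "tenant_wide": sorted({g["clientId"] for g in grants
                               if g.get("consentType") == "AllPrincipals"}),
    }


if __name__ == "__main__":
    print(json.dumps(audit_consent(SAMPLE_GRANTS, SAMPLE_SCOPES), indent=2))
```

Any entry under "extra" is a scope granted beyond the four documented permissions and is worth reviewing before leaving the integration in place.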

Verifying the added domain

Domain verification is a vital step to ensure that the Azure domain added is a valid, unexpired domain and that you have the requisite privilege to use the AD domain. In certain cases, your organization may be using different domains for different purposes (e-mail, Azure) and you would have verified the other domains. In such cases, you need to additionally verify the Azure domain. There are three methods to achieve this, as listed below:

  • CNAME Method: Add a unique CNAME record on the domain's DNS Manager.
  • TXT Record Method: Add a specific TXT record on the domain's DNS Manager.
  • HTML Method: Upload the given HTML file to the folder specified on your website.

To add and verify the domain, follow the steps given below:

  • Go to this link and log in, if need be.
  • Provide your Azure ID domain in the space provided and click OK. Once done, the next step is to verify the domain.
  • Once added, click Verify Now to initiate the verification process.
  • Now, specify your DNS service provider from the given list of options.
  • CNAME method

    The CNAME method involves adding the given unique CNAME. You need to create this CNAME for your AD domain and point it to the destination specified.

  • TXT Record method

    The TXT Record method involves adding a unique TXT Record. You need to create this TXT Record for your AD domain and point it to the destination specified.

  • HTML method

    The HTML method involves downloading the given sample HTML file and adding it to the specified location.
