Home » Integrate Entra ID(formerly Azure Active Directory)
pdf icon
Category Filter
x

IIntegrate Active Directory(AD)

Most organizations use Active Directory to simplify user management, identity management and user authentication. Mobile Device Manager Plus MSP integrates with your organization's Entra ID(formerly Azure AD) to help leverage its benefits.

Mobile Device Manager Plus MSP allows MSPs to integrate managed organizations' respective Entra ID(formerly Azure AD) accounts to ensure data privacy.

Advantages of AD Integration

  • Auto suggest users

    After integrating MDM MSP with Entra ID(formerly Azure AD), the users' email ID and names are auto suggested when an enrollment request is created. This helps admin create the enrollment requests quicker.

  • Automatic update of user accounts

    If there is a change in the users' e-mail address, display name or other attributes in the Entra ID(formerly Azure AD), this is automatically updated in the accounts configured with Mobile Device Manager Plus MSP.

Integrating Entra ID(formerly Azure AD) with MDM MSP

To integrate your organization's Entra ID with MDM MSP, navigate to Enrollment -> Active Directory. Follow the steps given below:

  1. Click on Integrate to initiate the integration.
  2. You'll be redirected to the Microsoft portal to provide the Entra ID administrator credentials.
  3. Provide the credentials and accept all the listed permissions to complete the integration.

Once the domain is added it will be listed on this page. If you have integrated G Suite with MDM MSP, you can also view the details on this page.

Sync with AD

Mobile Device Manager Plus MSP syncs with the AD once every day to fetch the details. Upon integrating with Entra ID only the modifications are noted and posted back to MDM MSP.

The admin can initiate a manual sync with AD by clicking either on Sync all or Sync only modified. As the name suggests, clicking on 'Sync all' will sync the complete AD again with MDM MSP and 'Sync only modified' syncs only the changes that were made after the previous sync.

Sync AD groups

After integrating AD with MDM MSP, you can also choose to sync the AD groups directly to MDM MSP. With this, the admin can manage devices by associating profiles, distributing apps and documents directly to the AD groups.

Enable group sync by clicking on Enable groups sync under the Actions column. This will sync all the groups from the selected domain and these groups will be available under Groups and Devices in the Device Mgmt tab.

Similarly, the group sync can be disabled by clicking on Disable group sync. This will disable all the synced groups from MDM MSP. The profiles, apps and documents will have to be removed manually by the users or the admin.

Remove AD

To remove an AD from MDM MSP, you need to ensure that the user does not have any enrolled devices or any pending enrollment requests. Once this condition is met, click on Action and Delete to disassociate the AD from MDM MSP.

Note: The users and groups will be listed on the MDM MSP server even after disassociating the AD and need to be removed manually by the admin.

Jump To

    Related Articles

    < Previous

    Next >