Jump to content


Peter van der Woude

How to integrate Microsoft Intune and System Center 2012 R2 Configuration Manager with Single Sign-On – Part 4: Integrate ConfigMgr and Intune

Recommended Posts

In the first part of this blog series I went through the introduction and the prerequisites, in the second part I went through the installation and configuration of AD FS and in the third part I went through the directory synchronization. This fourth part of the blog series will finally be about ConfigMgr and Microsoft Intune. During this part the last configurations will be done to get the required UPNs to ConfigMgr and to synchronize this information to Microsoft Intune.

Synchronize new UPN to ConfigMgr
To correctly synchronize the correct user information via Microsoft Intune, it is required to discover the most recent UPN changes to the users.

  • Open the Configuration Manager console and navigate to Administration > Overview > Hierarchy Configuration > Discovery Methods, right-click Active Directory User Discovery and select Run Full Discovery Now.
    • ConfigMgr_ADUD.jpg

Create a Microsoft Intune collection
To allow user to enroll their mobile device through Microsoft Intune it’s required to specify which user are allowed to perform this action. This is done by specifying a collection during the configuration of the Microsoft Intune connector. First we need to create this collection.

  • Open the Configuration Manager console and navigate to Assets and Compliance > Overview, right-click User Collections and select Create User Collection.
    • ConfigMgr_CUC.jpg
  • The Create User Collection Wizard will show. Provide a name like All Microsoft Intune Users and limit the collection to the All Users collection. Walk through the wizard and simply add a few users that a required to enroll their devices through Microsoft Intune.
    • ConfigMgr_CUCW.jpg

Add Windows Intune Subscription
To integrate Microsoft Intune with ConfigMgr it’s required to add the subscription to ConfigMgr.

  • Open the Configuration Manager console and navigate to Administration > Overview > Cloud Services, right-click Windows Intune Subscriptions and select Add Windows Intune Subscription.
    • ConfigMgr_AWIS.jpg
  • The Create Windows Intune Subscription Wizard will show. On the Getting started page, click Next.
    • ConfigMgr_CWISW_1.jpg
  • On the Windows Intune Subscription page, click Sign In.
    • ConfigMgr_CWISW_2.jpg
  • In the Set the Mobile Device Management Authority dialog box, select I understand.. and click OK.
    • ConfigMgr_CWISW_3.jpg
  • In the Subscription dialog box, specify the Microsoft Intune subscription details and click Sign In.
    • ConfigMgr_CWISW_4.jpg
  • Back on the Windows Intune Subscription page, click Next.
    • ConfigMgr_CWISW_5.jpg
  • On the General Configuration page, select the collection All Microsoft Intune Users (created in the previous step), provide some company details, specify the site code and click Next.
    • ConfigMgr_CWISW_6.jpg
  • On the Platforms page, click Next.
  • On the Company Contact Information page, specify the contact details of the company and click Next.
    • ConfigMgr_CWISW_7.jpg
  • On the Company Logo page, click Next.
  • On the Summary page, click Next.
  • On the Completion page, click Close.

Add the Windows Intune Connector role
To connect Microsoft Intune with ConfigMgr the last step is to install the Windows Intune Connector.

  • Open the Configuration Manager console and navigate to Administration > Overview > Site Configuration > Servers and Site System Roles, right-click \\<PrimairySiteServer> and select Add Site System Roles.
    • ConfigMgr_ASSR.jpg
  • On the General page, click Next.
  • On the Proxy page, click Next.
  • On the System Role Selection page, select the Windows Intune Connector and click Next.
    • ConfigMgr_ASSR_1.jpg
  • On the Summary page, click Next.
  • On the Completion page, click Close.

Verify the Single Sign-On in Microsoft Intune
After integrating Microsoft Intune and ConfigMgr the last step is to verify that it’s all working.

  • On a Windows device navigate to PC Settings > Network > Workplace and provide the on-premises credentials of a user that is a member of the All Microsoft Intune Users collection.
  • Notice that this will also redirect to the on-premises AD FS for verifying the credentials.
    • SSO_Final.jpg
  • Notice after that a successful enrollment with the on-premises credentials.
    • SSO_Final_Enrollment.jpg

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.