Azure AD Join

With Azure AD Join, the device and the user become known to Snow Device Manager by authenticating against an Azure Active Directory. When the device is authenticated, it becomes associated with the user’s Azure AD account and is automatically enrolled to Snow Device Manager for management. Depending on the enrollment method, the device can be enrolled as a company-owned or privately owned device.

Prerequisites

The following requirements must be met in order to successfully enroll Windows 10 devices with Azure AD and Snow Device Manager:

  • An Azure Active Directory must be set up. The Azure AD may be synchronized with an on-premises AD.

  • The Azure Active Directory must have a valid Azure Active Directory subscription.

  • A valid Azure Active Directory Premium license must be assigned to users eligible for automatic MDM enrollment with Azure AD Join.

    Note

    An Azure Active Directory Premium license for users might be included in your Office 365 subscription.

  • An on-premises MDM Azure App must be added to the Azure AD and configured; see On-premises MDM Azure App configuration.

    Note

    The same MDM Azure App may be used to integrate with Windows Store for Business.

  • An AD integration must be configured on a Snow Device Manager domain.

  • The Snow Device Manager domain must also be configured with a lookup keyword that matches the Azure AD domain name (for example my.company.com).

On-premises MDM Azure App configuration

To successfully enroll Windows 10 devices with Azure AD and Snow Device Manager, an MDM Azure App must be installed and configured on the Azure AD tenant’s site by an Azure AD administrator. Specifically, the Azure App must be configured to target Snow Mobile Information Server where the enrollment will occur.

Add the On-Premises MDM App to the Azure AD directory

  1. Log on to the Azure AD management console with administrator credentials.

  2. Select the Active directory to be configured and click APPLICATIONS.

  3. At the bottom of the page, click ADD, and then select Add an application from the gallery.

  4. In the Search box, type On-premises MDM and press Enter.

  5. Click the only search item that appears and provide a name for the app to be added, for example SDM_MDM.

  6. Click Complete to add the Azure App to your Azure AD directory.

Configure the MDM Azure App

The base target URL depends on whether your Snow Device Manager domain is hosted by Snow Software or is part of your on-premises Snow Mobile Information Server.

For example, if you have an on-premises SDM server located at https://yourcompanyname.com, the base URL should be https://yourcompanyname.com. The following instructions use the base URL for Snow Device Manager hosted by Snow Software.

To configure the MDM Azure App for automatic Snow Device Manager enrollment:

  1. In the MDM DISCOVERY URL box, type https://gw.snow.dm/EnrollmentServer/Discovery.svc.

  2. In the MDM TERMS OF USE URL box, type https://gw.snow.dm/windm/TermsOfUse.html.

  3. In the APP ID URI box, type https://gw.snow.dm.

  4. In the Manage device for these users section, select all users or any number of user groups that should be included in automatic Snow Device Manager enrollment using Azure AD.

  5. Save the configuration.
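
Because all three values must point at the same Snow Device Manager server, a quick consistency check before saving catches a mistyped host or a non-HTTPS URL. The following is an added example, not Snow Software code: the function names are hypothetical, the HTTPS-only rule is a check added here, and the two paths are assumed to be the same for an on-premises base URL as in the hosted example above.

```python
from urllib.parse import urlsplit

# Paths copied from the hosted example on this page; assumed (not confirmed
# by the page) to be identical under an on-premises base URL.
DISCOVERY_PATH = "/EnrollmentServer/Discovery.svc"
TERMS_PATH = "/windm/TermsOfUse.html"


def expected_settings(base_url):
    """Derive the three portal values from one base URL."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must be an absolute https:// URL")
    if parts.username or parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("base URL must be scheme and host only")
    base = "https://" + parts.netloc.lower()
    return {
        "MDM DISCOVERY URL": base + DISCOVERY_PATH,
        "MDM TERMS OF USE URL": base + TERMS_PATH,
        "APP ID URI": base,
    }


def audit_settings(base_url, configured):
    """Return findings for values that do not point at base_url; [] if all match."""
    findings = []
    for field, want in expected_settings(base_url).items():
        got = (configured.get(field) or "").strip()
        got_parts, want_parts = urlsplit(got), urlsplit(want)
        if not got:
            findings.append(f"{field}: missing")
        elif got_parts.scheme != "https":
            findings.append(f"{field}: not HTTPS ({got})")
        elif got_parts.netloc.lower() != want_parts.netloc:
            findings.append(f"{field}: server is {got_parts.netloc}, expected {want_parts.netloc}")
        elif got_parts.path.rstrip("/") != want_parts.path:
            findings.append(f"{field}: path is {got_parts.path or '/'}, expected {want_parts.path or '/'}")
    return findings


if __name__ == "__main__":
    # Constructed sample: values as they might have been typed into the portal.
    typed = {
        "MDM DISCOVERY URL": "http://gw.snow.dm/EnrollmentServer/Discovery.svc",
        "MDM TERMS OF USE URL": "https://gw.snow.dm/windm/TermsOfUse.html",
        "APP ID URI": "https://gw.snow.dm/",
    }
    for finding in audit_settings("https://gw.snow.dm", typed) or ["all values match"]:
        print(finding)
```

For an on-premises server, pass its base URL (for example https://yourcompanyname.com) as the first argument instead of the hosted one.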