Tip: Capturing Devices to Manage in Intune Using Azure AD Connect

Working with customers who are starting their migration for identity and administration from on-premises to Azure, I see a couple of options in the installation and configuration of Azure AD Connect that get missed. In particular, once Azure AD Connect is installed and on-premises accounts are synced with Azure, customers find that their Active Directory managed devices are missing from Azure AD. And, of course, this means that Intune can’t see and manage these devices.

During the Azure AD Connect installation, there’s a configuration option available to “Configure Device Options.”

Alain Schneiter has a good blog with instructions on how to accomplish this: Configure Device Registration with Azure AD Connect

(Kudos to my teammate Jeff Gilbert for finding Alain’s blog post)

However, what if you miss configuring this option during the installation and configuration of Azure AD Connect the first time?

You can rerun the Azure AD Sync installation wizard a second time to make changes to the sync configuration.

What you can change:

  • Add more directories.
  • Change Domain and OU filtering.
  • Remove Group filtering.
  • Change optional features.

In this instance, the most common reason for needing to rerun the Sync tool is that specific OUs containing managed devices were missed during the initial configuration. By altering the configuration so that the sync picks up the additional OUs, you’ll see those missing managed devices show up in Azure AD and become manageable using Intune.
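Before rerunning the wizard, it helps to know which OUs actually hold the devices that were left out. The script below is an added example, not part of the original post: it lists enabled computer objects that sit outside the OUs selected for sync, grouped by container. It assumes the ActiveDirectory PowerShell module is installed, that `$SyncedOUs` is filled in by hand from the wizard's Domain and OU filtering page (the values shown are constructed), and that no child OU was unticked beneath a selected parent; the helper function names are hypothetical.

```powershell
# Added example: find computer objects outside the OUs selected for sync.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: distinguished names of the OUs currently ticked in the wizard.
# These are constructed sample values; replace them with your own.
$SyncedOUs = @(
    'OU=Staff,DC=contoso,DC=com',
    'OU=Workstations,DC=contoso,DC=com'
)

function Test-InSyncScope {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string[]]$IncludedOUs
    )
    foreach ($ou in $IncludedOUs) {
        # In scope when the DN ends with ",<OU DN>", i.e. the object sits
        # under that OU at any depth. DNs are compared case-insensitively.
        if ($DistinguishedName.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-ParentContainer {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the leading RDN (CN=NAME,), allowing for escaped commas in the name.
    return ($DistinguishedName -replace '^(?:\\.|[^,\\])+,', '')
}

# Enabled computer accounts whose DN is not under any synced OU.
$outOfScope = Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem |
    Where-Object { -not (Test-InSyncScope -DistinguishedName $_.DistinguishedName -IncludedOUs $SyncedOUs) }

# Summary: which containers hold the missed devices, largest first.
$outOfScope |
    Group-Object { Get-ParentContainer -DistinguishedName $_.DistinguishedName } |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Detail: the individual devices, for checking against Azure AD after the next sync.
$outOfScope | Sort-Object DistinguishedName | Select-Object Name, OperatingSystem, DistinguishedName
```

The containers at the top of the summary are the ones to add under Domain and OU filtering when you rerun the wizard.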

One last thing…make sure you also assign an Enterprise Mobility Suite License to the synced users.

To assign an Azure AD Premium or Enterprise Mobility Suite License

  1. Sign in to the Azure portal as an admin.
  2. On the left, select Active Directory.
  3. On the Active Directory page, double-click the directory that has the users you want to set up.
  4. At the top of the directory page, select Licenses.
  5. On the Licenses page, select Active Directory Premium or Enterprise Mobility Suite, and then click Assign.
  6. In the dialog box, select the users you want to assign licenses to, and then click the check mark icon to save the changes.



