Azure AD Integration I: Configure Azure Active Directory
PREREQUISITES
- Administrative Account for the Azure Active Directory to configure the integration with Silverback
- Administrative Account for the Silverback Management Console
- Microsoft Azure Active Directory Premium P1 or greater, or any Bundle which includes this license.
An Azure Active Directory Premium P1 or greater license is not required for the Microsoft Store for Business integration, as it is a separate process from automatic enrollments.
Configure Azure Directory
- Open Azure Portal and login as an Administrator
- Navigate to Azure Active Directory
- Navigate to Mobility (MDM and MAM)
- Click + Add application
- Choose On-premises MDM application
- Set a given name to the application (e.g. Silverback)
- Click Add
- Wait until Silverback application is added successfully
- Click X to Close
- Select your newly created application, e.g. Silverback
- Set MDM User scope:
- Choose “All” or
- Choose “Some” and select “groups”
The MDM User Scope settings are dedicated for the usage of Autopilot or Azure Active Directory Join and are not required for the Microsoft Store for Business Integration
- Change MDM terms of use URL to e.g. https://silverback.imagoverum.com/EnrollmentServer/TermsOfUse
- Change MDM discovery URL to e.g. https://silverback.imagoverum.com/EnrollmentServer/Discovery.svc
- Press Save
- Click On-Premises MDM application settings
- On the Overview section, copy the following values to any Text Editor (e.g. Notepad++)
- Application (client) ID: e.g. edfde181-304a-48d5-af66-fb0af5877a68
- Directory (tenant) ID: e.g. f7ce7027-e6d8-4844-8a91-1f66ad2a3592
- On the Overview section, copy the following values to any Text Editor (e.g. Notepad++)
- Navigate to Certificates & secrets
- Click New client secret
- Enter as description e.g. application_key
- Configure your expiration date for the key, e.g. 24 months
- Click Add
- Copy the new client secret value to your Text Editor (e.g Notepad++)
You won't be able to retrieve it after you leave this blade
Add a reminder into your calendar for the key expiration date. You will need to create a new key before the key will expire.
- Navigate to API Permissions
- Click Add a permission
- Scroll down to supported legacy APIs
- Choose Azure Active Directory Graph
- Select Application permissions
- Enable Directory.Read.All
- Click Add permissions
- Click Grant admin consent for your organization, e.g. Imagoverum
- Confirm with Yes
- Navigate to Expose an API
- Click Edit next to Application ID URI
- Change the URI to the your Silverback Server, e.g. https://silverback.imagoverum.com
- Press Save
- Your Azure Active Directory Configuration is now finished
- During the process you should have noted down 3 values
- Application ID,
- Directory ID
- Key Value
- Move forward to import these values into Silverback: Azure AD Integration II: Configure Silverback