In the previous two blogs I started preparing the ConfigMgr environment for Mobile Device Management (MDM): first I created the subscription (http://focusonsystemcenter.nl/?p=216) and then I created the Windows Intune Connector role (http://focusonsystemcenter.nl/?p=245). Now I will take the next step in the process.
What I want to accomplish is that management is handled from ConfigMgr and that my internal users can access the Intune portal with the credentials they already use. I defined a user collection in ConfigMgr for the users that are allowed to use the Intune portal and their mobile devices. Windows Intune offers synchronization from your internal AD to Intune; the sync process is handled by a tool called DirSync. When you sign up for an Intune trial, you get a username that looks like email@example.com; however, you probably want to use your internal domain credentials, in my case firstname.lastname@example.org. Also, when you create a new user, you want the object to be created automatically in Windows Intune. To get this all going, go to the Windows Intune console and click on Users. You will see something like the picture below.
Choose Active Directory Set up, and all the steps you need to take are shown in the next picture.
What I actually did was create a VM in my test lab to install the things needed for the DirSync tool. From this machine I opened the Intune console and followed the steps. Step 1 is clear, so on to step 2: verify your domain. This presented me with the following issue in my test lab. My internal domain is called rlv-it.com, but I do not own that domain. I do own rlv-it.nl, so that is the domain I can verify and sync with Windows Intune. For management with ConfigMgr to work, my users should have a UPN that represents the verified domain, in my case @rlv-it.nl. You can do that by adding the UPN suffix to your domain (in Active Directory Domains and Trusts) and changing the user accounts to reflect that UPN suffix. Having done that, I went to step 3 and clicked Activate (see picture below) and continued with step 4, Download. I actually chose to run the download immediately, to install and configure the DirSync tool in one go. Below you can see the screenshots of the installation and configuration.
I chose to keep the checkbox checked and go through the configuration. The screenshots are below.
In the next screen you have to fill in your Windows Intune credentials. It is good practice to create dedicated credentials for this purpose (I did not for this demo).
Then come the AD credentials; again, creating a new user especially for the sync is good practice (I did not…).
Keep the checkbox ticked to get synchronization started.
If everything is good, the internal domain will be synchronized to Windows Intune. It may be interesting to know that the following programs have been installed on the dedicated machine I set up for DirSync.
The next thing to check is whether synchronization has been successful, so I opened the Intune portal; see the screenshot below.
And… synchronization happened (the picture shows only 2 users, but I thought I did not need to make a bigger screenshot). Well, this concludes blog 3. Time to enroll a Windows RT device; however, I will describe that in the next blog.