Thursday, 9 January 2014

MDM in SCCM 2012 R2 - User Configuration

Back to ConfigMgr main menu
Back to MDM Menu

The licensing model for Mobile Device Management in ConfigMgr 2012/Intune is user based. A single license entitles the user to enrol five supported devices. With this in mind it is necessary to carry out the following user-driven tasks.                  

  • Add UPN to user accounts
  • Discover users in SCCM
  • Add users to Intune Users collection in SCCM
  • Synchronise Domain Users with Windows Azure (Microsoft Cloud Directory Services)
The User Principal Name (UPN) is an Internet-style login name for an AD user based on the Internet standard RFC 822. By convention, this should map to the users primary SMTP address. We previously registered a public domain name in Windows Intune. This was subsequently verified by Microsoft. This is the domain that ConfigMgr/Intune would now expect users to be using when enrolling devices. In order to facilitate this we would first have to add a UPN to the required user accounts.

Open Active Directory Domains & Trusts. Right click Active Directory Domains & Trusts and choose Properties.

Add the Alternative UPN.

Now change the UPN for your users (you need to use the drop-down arrow).

You can use PowerShell to bulk-change the UPNs if you wish. You will find many sample scripts online.

User Discovery

Active Directory Users are not automatically known to ConfigMgr. Active Directory User Discovery must be enabled.

Active Directory User Discovery

Enable and configure discovery. Which OUs do you need?

Run full discovery now.

Monitor progress using ADUSRDIS.LOG file.

User records have been created in ConfigMgr database and users can be seen in the console.

Intune Users Collection

Create a user collection in ConfigMgr. Add all required users to this collection. The collection will later be used in configuring the Windows Intune subscription (allowing these users to enrol devices).

The Create User Collection wizard

Collection created and populated with users.

Synchronize with Azure
We are now ready to synchronise our users with Windows Azure (Microsoft Online Directory Services - for Intune, Office 365 etc). This is shown in the next section.

No comments:

Post a comment