So what is that all about?
The Azure Services Wizard provides a common configuration experience to set up Azure services in ConfigMgr. You can use it for configuring Cloud Management (Azure AD authentication and user discovery), OMS Connector, Upgrade Readiness and Windows Store for Business.
Look back at the 1610 console. See that the Windows Store for Business and the Upgrade Analytics Connector were separate nodes under Cloud Services. Remember that the OMS Connector wasn't available until 1702.
WSfB was configured independently of any other service.
Now look at the 1706 console. See the new Azure Services node. You will see that my WSfB configuration has already been migrated.
So how do we configure this? We'll need Azure tenant details and credentials to complete the process. We'll also create some web apps along the way and grant the required permissions to the web apps (thanks to Nick Hogarth who figured this out).
Right click on the Azure Services node and select Configure Azure Services.
The Azure Services Wizard is launched. Enter a suitable name and select an Azure service. You'll see that Windows Update for Business is missing as it's already configured in this environment. We'll select Cloud Management to allow clients to authenticate with the hierarchy using Azure AD
In the App Properties dialog box we see that we're going to have to create some apps - web app and Native Client app. Browse in the web app section.
Select Create in the Server app dialog box.
Enter the following information in the Create Server Application box.
- Application name (suitable friendly name)
- Home page URL (this does not have to exist - max 200 characters)
- App ID URI (this does not have to exist - max 200 characters)
- Secret key validity period (2 years max)
Enter your Azure AD credentials when prompted.
Your Azure AD Tenant Name is automatically detected.
The server app has been configured and can be selected.
Now browse in the Native Client app section.
Enter the following information in the Create Client Application box.
- Application name (suitable friendly name)
- Reply URL (this does not have to exist - max 200 characters)
Your Azure AD Tenant Name is automatically detected.
The client app has been configured and can be selected.
Click Next to continue with the wizard when all the App Properties have been configured.
Now we can optionally choose to enable Azure AD Discovery. It allows you to add cloud-only users to your ConfigMgr environment.
Review the summary.
The Azure Services wizard has completed.
Some of my colleagues have discovered that you have to grant permissions to the web apps in Azure so that the solution can authenticate correctly (Nick Hogarth, Peter van der Woude).
In the Azure Portal, choose More Services -> App registrations
See the newly created server and client apps. Select each one in turn.
Select Required Permissions and choose Grant Permissions.
Review the SMS_AZUREAD_DISCOVERY_AGENT.log file for any errors.
So we've now completed the following:
- Added the Cloud Management Service
- Enabled Azure AD Discovery
Check this out. We won't need so much information the next time we need to add an Azure service.
This time I'll choose Upgrade Readiness.
This time I just need to choose a web app and I don't have to sign in to Azure.
I hope this blog post has been helpful. Until next time.....
No comments:
Post a Comment