Before you can use Azure AD to enroll your Windows devices, you must configure Workspace ONE UEM to use Azure AD as an Identity Service. Enabling Azure AD is a two-step process which requires the MDM-enrollment details to be added to Azure.
You must have a Premium Azure AD P1 or P2 subscription to integrate Azure AD with Workspace ONE UEM. Azure AD integration with Workspace ONE UEM must be configured at the tenant where Active Directory (such as LDAP) is configured.
- Navigate to .
- Log in to the Azure Management Portal with your Microsoft account or organizational account.
- Select your directory and navigate to the Mobility (MDM and MAM) tab. This tab was formerly the Applications tab.
- Select Add Application and select the AirWatch by VMware application.
You can use the default URLs if the user scope is set to none. If needed, you can also use placeholder URLs.
- Leave the AirWatch by VMware application on the default settings. Change the MDM user scope to All.
- Select Add Application again and select the On Premises MDM application. You can rename the application when you add it.
- Select Manifest section, add the Console URL under the IdentifierURIs. . In the
- Set MDM user scope to None to apply these settings to all users.
You can also limit the OOBE enrollment to selected Azure AD groups by selecting Some and adding the preferred groups.
- Select Save to continue.
- Navigate to the Properties tab and find the Azure Directory ID. This setting was formerly called the Tenant ID.
- Select User Account Details in the top right corner. The Azure Tenant Name is the name of your Azure Directory. You can find the name under the Domain tab.
- Return to the Workspace ONE UEM console and select Use Azure AD for Identity Services to configure Azure AD Integration.
- Enter the Azure Directory ID as the Tenant Identifier. Enter the default domain as your Azure Directory Tenant Name.
- Select Save to finish the process.