check-circle-line exclamation-circle-line close-line


To use Azure Active Directory (AD) groups in the roles based access control (RBAC) feature, authorize Workspace ONE Intelligence to connect with your Azure AD environment.

Workspace ONE Intelligence uses the Microsoft Graph API to communicate with your Azure environment.


You must have the permissions to configure a public Azure AD account. Use your Azure AD admin account credentials for registration. If you do not have admin permissions to set up Azure AD, have an Azure AD admin register your environment with Workspace ONE Intelligence.


  1. In the Workspace ONE Intelligence console, go to Integrations > Microsoft Azure Active Directory > Set Up. The system directs you to your organization's Microsoft area. If you have Azure AD admin permissions, the system prompts you to enter your Azure AD credentials.
  2. Select Accept in the Microsoft window to give Workspace ONE Intelligence permissions to access data in Azure. If the system accepts the permissions, the Microsoft Azure Active Directory integration displays as Status: Authorized.
    • Give permission to sign in and read user profiles in Azure.
    • Give permission to read all groups in Azure.
    • Give permission to read the full profiles of all users in Azure.


When you add an admin or group in Workspace ONE Intelligence, you can select from users and groups in your Azure Active Directory environment.

What to do next

Add and edit admins in Settings > Administrators. For information on the different roles and their permissions, access RBAC Role Descriptions.