Connect to Azure AD Tenant

This functionality creates a connection to your Microsoft Azure Active Directory (AAD) instance and connects Environment Manager Consoles and Agents to that instance. This connection allows authentication against AAD and querying of its data and users.

If a registration is not configured, the other Environment Manager AAD functionality is unavailable. To set up registration, Environment Manager must be connected to your Azure AD instance.

Access the AAD command from the Manage ribbon menu and provide the following information to configure your AAD Tenant:

  • Tenant ID - your AAD instance

  • Application (client) ID

  • Certificate Thumbprint

Each of these entries is specific to your AAD instance.

Use Test to check the connection.

  • You will be prompted for User and Password and then the connection is validated.

  • Select OK to finish.

The connection is created and Environment Manager has access to your Azure Active Directory instance.

Further details on the connection are given for all User Workspace Manager applications in the UWM Online Help.

Azure AD Conditions

The following conditions can be used on endpoints that are joined to AAD domains. The join can be a full join or a hybrid join (where the endpoint is a member of an on-prem AD domain synchronized to the AAD domain by AAD Connect). These conditions are:

  • AAD Computer Group Membership

  • AAD User Group Membership

  • AAD User Name

  • AAD Client Computer Group Membership

These rules apply on the agents of both AAD-joined and hybrid-AAD-joined machines. If a device is not connected to the network at logon then the last known Groups apply. User group assignment changes can only apply at logon. Device group assignment changes can only apply at restart.

Custom rules created in the console can also use conditions for AAD User Name, AAD User Group, AAD Computer Group and AAD Client Computer Group.

Configuration for AAD is via the global settings.

AAD Joined

This condition is used to verify that the connection to Azure Active Directory has been made. The options are under the Is Azure AD Joined tab in the Is AAD Joined window, where you can choose to verify either Computer is joined or Computer is not joined.
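
To check independently which join state an endpoint reports before relying on these conditions, the following added example (not part of the product or its documentation) parses the output of the Windows `dsregcmd /status` command and classifies the machine as full join, hybrid join or not joined. The function name, the `-ExpectedTenantId` parameter and the sample lines are constructed for illustration, and the code does not show how Environment Manager itself evaluates the condition.

```powershell
# Added example: classify an endpoint's Azure AD join state from `dsregcmd /status`.
# Function and parameter names are hypothetical; only dsregcmd.exe is a real Windows tool.
function Get-AadJoinState {
    param(
        # Lines of `dsregcmd /status` output; defaults to running the tool locally.
        [string[]]$StatusText = (& dsregcmd.exe /status),
        # Tenant ID entered in the AAD Tenant configuration (optional comparison).
        [string]$ExpectedTenantId
    )

    # Collect "Key : Value" pairs; section banners and blank lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $fields['AzureAdJoined'] -eq 'YES'
    $domainJoined = $fields['DomainJoined']  -eq 'YES'

    # Hybrid join: on-prem AD member that is also registered in AAD.
    if ($aadJoined -and $domainJoined) { $joinType = 'Hybrid join' }
    elseif ($aadJoined)                { $joinType = 'Full join' }
    else                               { $joinType = 'Not joined' }

    # Only compare tenants when the caller supplied one and the device reports one.
    $tenantMatches = $null
    if ($ExpectedTenantId -and $fields['TenantId']) {
        $tenantMatches = $fields['TenantId'] -eq $ExpectedTenantId
    }

    [pscustomobject]@{
        JoinType      = $joinType
        TenantId      = $fields['TenantId']
        TenantMatches = $tenantMatches
    }
}

# Constructed sample output (placeholder tenant ID), so the example runs offline.
$sample = @(
    '             AzureAdJoined : YES'
    '              DomainJoined : YES'
    '                  TenantId : 00000000-0000-0000-0000-000000000000'
)
Get-AadJoinState -StatusText $sample -ExpectedTenantId '00000000-0000-0000-0000-000000000000'
```

Calling `Get-AadJoinState` with no arguments on an endpoint reads the live `dsregcmd /status` output instead of the sample.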