Using Azure AD enrollment

By integrating Azure Active Directory and your MDM server, Azure Active Directory enrollment enables you to automatically enroll corporate-owned and BYOD Windows 10 devices with Mobility Management during device setup and pre-configure them with policies and settings. To use this feature, you must have an Azure AD Premium P1 or P2 account. For information about configuring the device setup process with Autopilot, see Microsoft's Autopilot Profiles Guide.

NOTE: A CSA can only connect to a single Azure AD account. If you have multiple Azure AD accounts you would like to use with Autopilot, you will need to set up an additional CSA for each account.

To configure Azure Active Directory enrollment

1. Log in to the Azure AD Portal.

2. Navigate to Azure Active Directory > Mobility (MDM and MAM).

3. Click Add application.

4. In both the MDM terms of use URL field and the MDM discovery URL field, enter https://[CSA]:444/rtc/[Core]/MDM/api/v1/enroll/WindowsDiscovery with the information for your CSA and core.

5. Click On-premises MDM application settings.

6. Click Properties.

7. Enter a name for the application.

8. In the App ID URI field, enter https://[CSA]:444 with your CSA information.

9. Navigate to Azure Active Directory > Properties, and copy the Directory ID.

10. In the Mobility Management console, navigate to Configure > MDM configurations > Windows MDM Autopilot.

11. In the App ID URI field, enter https://[CSA]:444 with your CSA information.

12. In the Directory ID field, paste the ID you copied from the Azure AD Portal.

13. Click Enrollment Agreement Configuration.

14. Browse to and select your enrollment agreement .html file, then click Save.

During the initial device setup, the user will select Set up for an organization and enter their corporate email address. The device will enroll with Mobility Management and walk them through the rest of the setup. For information about deploying the agent after MDM enrollment, see Installing the agent for hybrid management.
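The values entered in steps 4, 8, 11 and 12 must agree with each other, so it is worth checking them before testing with a device. The following pre-flight check is an added example, not part of the product or its documentation; the function name, host name, core name and Directory ID are constructed placeholders, and the check assumes the App ID URI is typed identically in both places.

```python
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DISCOVERY_PATH_RE = re.compile(r"/rtc/[^/]+/MDM/api/v1/enroll/WindowsDiscovery")


def check_enrollment_values(terms_url, discovery_url, azure_app_id_uri,
                            console_app_id_uri, directory_id):
    """Return a list of problems; an empty list means the values agree."""
    urls = (terms_url, discovery_url, azure_app_id_uri, console_app_id_uri)
    # Unreplaced [CSA]/[Core] placeholders also break URL parsing, so stop early.
    if any("[" in u or "]" in u for u in urls):
        return ["a [CSA] or [Core] placeholder was not replaced"]
    problems = []
    if terms_url != discovery_url:
        problems.append("terms of use URL and discovery URL differ (step 4)")
    if azure_app_id_uri != console_app_id_uri:
        problems.append("App ID URI differs between Azure AD and the console (steps 8, 11)")
    disc, app = urlsplit(discovery_url), urlsplit(azure_app_id_uri)
    for label, parts in (("discovery URL", disc), ("App ID URI", app)):
        if parts.scheme != "https":
            problems.append(f"{label} is not https")
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if port != 444:
            problems.append(f"{label} does not use port 444")
    if (disc.hostname or "") != (app.hostname or ""):
        problems.append("discovery URL and App ID URI name different CSA hosts")
    if not DISCOVERY_PATH_RE.fullmatch(disc.path):
        problems.append("discovery URL path is not /rtc/<core>/MDM/api/v1/enroll/WindowsDiscovery")
    if app.path not in ("", "/"):
        problems.append("App ID URI carries a path; expected https://<CSA>:444")
    if not GUID_RE.fullmatch(directory_id.strip()):
        problems.append("Directory ID (step 12) is not a GUID")
    return problems


# Constructed sample values, not taken from any real tenant or CSA.
SAMPLE_URL = "https://csa.example.com:444/rtc/core01/MDM/api/v1/enroll/WindowsDiscovery"
SAMPLE_APP_ID = "https://csa.example.com:444"
SAMPLE_DIRECTORY_ID = "11111111-2222-3333-4444-555555555555"

if __name__ == "__main__":
    for issue in check_enrollment_values(SAMPLE_URL, SAMPLE_URL, SAMPLE_APP_ID,
                                         SAMPLE_APP_ID, SAMPLE_DIRECTORY_ID):
        print("PROBLEM:", issue)
```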