Linking Intune to Configuration Manager

- [Instructor] If you're using a hybrid configuration or you're connecting Configuration Manager into your Azure portal, then you need to download the Microsoft Entra Connect application. So I just did a quick search, as you see here, for downloading the Entra Connect Sync program, and here it is. So you'll want to download the Entra Connect application and then run the installation. And what it's going to do for us is it's going to link our local on-premises Active Directory into the Azure Cloud called Entra ID, and then the users that show up on premises will also show up in Entra ID. Here's my Entra ID Connect program. Now Entra used to be called Azure AD or Azure Active Directory, and they haven't quite renamed everything yet. So even though I've downloaded the Entra Connect program, it's still called Azure AD Connect. Eventually, they will update the name. So I'll double-click to install Azure AD Connect. I'll need to have the on-premises domain, username, and password, as well as my Entra ID username and password. So if you have yet to create an Azure portal account, then you'll want to do that first, and you can simply go to portal.azure.com and choose the Signup option to get started. And here is the Azure AD Connect splash screen. I'll choose to agree and click Continue. And I'm going to choose the Express Settings, but you can certainly choose the custom ones if you want to see every step along the way. Now I need the Azure Global Administrator password, and I'll click Next. Now I need my local Active Directory username and password, and also click Next. Since I don't own the linkedIn.int domain, you're going to get a message saying, "Hey, you don't own this. Would you like to continue anyway?" Yes, I would like to continue. If you do own the domain, then you won't get that message. It's now ready to install, and now it's going to run the installation and then synchronize my local users with my Entra ID users. The configuration is complete. I'm going to click Exit, and now go into the Azure portal. I'll go ahead and close these other tabs because I don't need them anymore, and I've gone to portal.azure.com and logged in. Once again, if you haven't done this, go ahead and create your account, and by default, you're going to get an Entra ID link. And when you go in there, if you haven't created any users yet, then you'll just see your one user that was used to create your account. But you can go in and add users if you'd like. Now I've synchronized my on-premises users into the Entra ID cloud product. So we're seeing the same users. We're seeing Josh. We're seeing Jen, all these different users. These are the same users that were in my on-premises Active Directory, so the synchronization worked fine. You can also see whether or not this is an on-premises user. You can see on-premises Sync. And then beneath that, it either says "Yes" or "No." So that gives you a good idea which ones were imported and which ones were already in Entra ID. The next thing we're going to want to do is we need to go to intune.microsoft.com. And within Intune, you can see that it's going to support devices, things like that, with our administration using Configuration Manager. If this gives you the message you need to set it up, go ahead and set it up first, and then you should be able to see the page that you see here Now. Now I'm going to go back into Configuration Manager, and I'm going to link these two together. I'm back in Configuration Manager in the Administration section, as you can see. And under Cloud Services, you want to expand that and click on Cloud Attach, and then click the button that says Configure Cloud Attach. This will link our two accounts together by choosing the Azure environment first, and in this case, it's going to be the public cloud, and probably will be the same for you. I'll click and sign in and go ahead and click Add, any of these messages. And if you do get a message about installing Java, just go ahead and cancel out, go back in, and it should work fine. Another section you need to go to is in Server Manager, and turn off the IE Enhanced Security because, for some reason, it still uses that. Once you've signed in and you may get prompted for multi-factor authentication, it's going to ask you what type of settings you'd like. Now the default settings in most cases are fine. It's going to enable automatic enrollment. It's going to enable Endpoint Analytics, automatic upload, and it says it's going to do that to Microsoft Endpoint Manager Admin Center. Now Endpoint Manager has been renamed to Intune, and Endpoint Configuration Manager has now been renamed to Microsoft Configuration Manager, which is what we're using now. So don't let the naming throw you off. At some point, they will update that. If you decide to, you could choose the custom settings, but in my particular case, I just don't see a need for that. So I'll go ahead and click Next and Yes, And now it's linking the two together, and Cloud Attach was successful. Next, we're going to link up to various different Azure types of services. So I'm going to select Azure Services and configure those services. So I'll give it a name, and you can choose either the Cloud Management or the Administration Service Management. And the one I want to choose here is Cloud Management, and that's because it's going to allow both the authentication to Configuration Manager with local on-premises Active Directory, as well as authentication to my cloud services at Azure. Next, it's asking about application properties you'd like to push out to your cloud tenants, but you're going to be using Configuration Manager to do it. So I just created a fake native client app, and you can just do that by clicking on Browse and choosing Create. But in your case, you'll probably be importing various different applications. And I'll click Next. We'll choose the Enable Azure Active Directory User Discovery. You can choose settings on here for when that schedule happens. Click Next, and then you can go ahead and complete that. That was just an example of an application that you can push out from Configuration Manager to your Azure tenants. However, in your case, most likely it will be an actual application instead. I'm going to click on the Directory Tenants. And after linking the accounts, you can see that my tenant name LinkedIn Videos has gone ahead and been added in automatically. Cloud distribution points, I don't have a cloud distribution point, but I can certainly add one. And adding a distribution point allows me to have a place where those applications can be pushed out from this Configuration Manager into the Azure Cloud and then down to the clients that are attached, but not physically in my office. So when they're physically in my office, they're considered intranet clients. But when they're out in, say, public internet accesses, then they're going to be considered internet clients. And I can't communicate with internet clients from my Configuration Manager application. It has to be done through a cloud management gateway using a cloud distribution point at Azure. And that was the point of attaching our tenant inside our Configuration Manager.