Category filter

Microsoft Entra ID integration with Hexnode UEM

Microsoft Entra ID is a cloud-based, multi-tenant identity and access management service. It provides easy sign-in provisions and automates workflow to meet the needs of your growing organization. It is a source to a single user or group information and provides a platform with enhanced security, access management, scalability and reliability for connecting multiple users.

Microsoft Entra ID supports multi-factor authentication thus providing a source of security for organizational resources. It allows the users to sign in with their pre-existing credentials by bringing in single sign-on (SSO) based approach. Integrate your Microsoft Entra ID with Hexnode and manage the Active Directory from a single console, sync your users and groups for easy enrollment and policy assignment.

Integrate Microsoft Entra ID

To configure Microsoft Entra ID with Hexnode,

  1. On your Hexnode UEM console, navigate to Enroll > All Enrollments and under Enterprise category, choose Microsoft Entra ID.
  2. You’ll be directed to a screen to enter the Directory (Tenant) ID. Sign in to the Azure portal for your directory and copy the Directory ID (Microsoft Entra ID > Properties).
     
    Note:

    You can also add verified custom domains (Microsoft Entra ID > Custom domain names) in the Directory (Tenant) ID field.

  3. Enter the Directory ID in the Directory (Tenant) ID field on the Hexnode console. Click Configure.
  4. You’ll be asked to sign in with your Azure portal user credentials. Click Accept. This will render the listed permissions to the Hexnode Azure Directory Services.
  5. Microsoft Entra ID integration using Hexnode UEM

  6. Microsoft Entra ID is configured. You can now sync the Active Directory with Hexnode UEM.

After the integration is complete, you can configure the following settings for easy enrollment and policy assignment.

  • Allow self-enroll – Allows users to enroll their devices into Hexnode UEM using their Microsoft Entra ID credentials.
  • Map UPN to email address – Adds the User Principal Name from the Microsoft Entra ID account as the email address on your Hexnode UEM portal, if an email address does not exist for the user.

Microsoft Azure active directory integration using mdm

Schedule a sync

Hexnode UEM allows the users to decide how often they wish to sync the AD with Hexnode.

  • Admins can choose to initiate sync either daily or on a weekly basis.
  • Select the days of the week or choose a specific time of a day for the sync to occur.

Notes:

  • Microsoft Entra ID users can enroll their devices in Hexnode UEM by authenticating their directory credentials. Hexnode Azure Directory Services require the following consent permissions to authenticate with Microsoft Entra ID:
    • profile – View users’ basic profile
    • offline_access – Maintain access to data you have given it access to
    • email – View users’ email address
    • openid – Sign users in
    • User.ReadBasic.All – Sign in and read user profile
  • If an Microsoft Entra ID administrator has set the ‘User consent settings’ (Microsoft Entra ID > Enterprise applications > Consent and permissions) to ‘Do not allow user content,’ users will not be able to grant the consent permissions to Hexnode Azure Directory Services. In that case, the permissions require admin consent for authentication, and users without admin privileges will fail to enroll their devices in Hexnode UEM. To overcome this scenario, the admin must set the ‘User consent settings’ to either ‘Allow user consent for apps’ or ‘Allow user consent for apps from verified publishers, for selected permissions’.
  • If the ‘User consent settings’ is set to ‘Allow user consent for apps from verified publishers, for selected permissions’ the admin must enable the permissions as mentioned earlier so that users can consent to on behalf of the organization. To enable such permissions, the admin has to navigate to Microsoft Entra ID > Enterprise applications > Consent and permissions > Permission classifications (preview) > + Add permissions > Microsoft APIs > Microsoft Graph.

Delete AD domain

Hexnode UEM lets users remove their Microsoft Entra ID domain from the portal with ease.

  1. Access the Delete Domain option by clicking on the settings icon under Enroll > All Enrollments > Enterprise > Azure AD.
  2. Delete Domain option for Azure AD in Hexnode UEM

  3. During the deletion process, the administrator is provided with two options.
    • Disenroll device(s)
    • Assign to a new user
    1. Disenroll device(s) option removes the Microsoft Entra ID domain from the portal and disenrolls all devices enrolled under the domain.
      • Pre-approved devices will also be deleted from the portal.
      • The admin is then required to specify the number of users that will be deleted under the domain and click on the Remove button to complete the process.
    2. Disenroll device(s) option to disenroll all devices under an Azure AD account

    3. Assign to a new user option lets the admin assign all devices under the domain to a new user. All existing restrictions/configurations and apps associated with the old user will be removed from the respective device(s).

      Assign to a new user option to assign all devices under an Azure AD account to a new user

      • After specifying the number of users that will be deleted, click on the Remove button which will open a dialogue box to assign device(s) to a new user.
      • Note:


        If the mandatory app policy is configured on the new user, devices that do not support silent app installation/uninstallation will prompt the user to install/uninstall an app.

        Change device owner option to choose a new user to assign all devices under an Azure AD account

      • Select the domain and choose the user to assign the devices.
      • Toggle the Delete Old User’s Location History checkbox to delete location history of old users. Click on the Assign button to complete the process.
  4. Notes:

    • If the “Remove apps from the device on policy removal” option at Policies > Android Settings/iOS Settings > App Management > Mandatory Apps is checked, mandatory apps associated with the old user will be removed and mandatory apps associated with the new user will be installed on the device.
    • If the mandatory app(s) is installed already on the device and is associated with both old and new users, then those apps will be re-installed on the device.

  • Hexnode Integrations