14 DAY FREE TRIAL

No Search Results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Hexnode Integrations
  3. Microsoft Entra ID

Category filter

Microsoft Entra ID integration with Hexnode UEM

Jump To

Microsoft Entra ID is a cloud-based, multi-tenant identity and access management service. It provides easy sign-in provisions and automates workflow to meet the needs of your growing organization. It is a source to a single user or group information and provides a platform with enhanced security, access management, scalability and reliability for connecting multiple users.

Microsoft Entra ID supports multi-factor authentication thus providing a source of security for organizational resources. It allows the users to sign in with their pre-existing credentials by bringing in single sign-on (SSO) based approach. Integrate your Microsoft Entra ID with Hexnode and manage the Active Directory from a single console, sync your users and groups for easy enrollment and policy assignment.

Integrate Microsoft Entra ID

To configure Microsoft Entra ID with Hexnode,

  1. On your Hexnode UEM console, Navigate to Admin > Integrations.

    Microsoft Entra ID integration tile displayed in the Hexnode admin console

  2. Select the Microsoft Entra ID tile from the available integrations.
  3. A window will appear prompting you to enter your organization’s Microsoft Entra custom domain/Directory (Tenant) ID.

    Option to configure the Entra ID

  4. Enter the domain details and click Configure.
  5. You will be prompted to sign in with your Microsoft Entra ID credentials.

    Option to sign in to the Microsoft Entra ID account

  6. After signing in, a pop-up will ask for permission to the Hexnode Azure Directory Services app. Check the box and click Accept.

    ALT Required permissions for the Hexnode Azure Directory Services app

  7. You will be redirected back to the Hexnode UEM portal, where the integration with Microsoft Entra ID will be completed.

In the same integration window, you can configure both the directory settings and the scheduled sync settings to simplify the enrollment setup.

  • Allow self-enroll – Allows users to enroll their devices into Hexnode UEM using their Microsoft Entra ID credentials.
  • Map UPN to email address – Adds the User Principal Name from the Microsoft Entra ID account as the email address on your Hexnode UEM portal, if an email address does not exist for the user.

Options to configure the domain and schedule the sync

Schedule sync

Hexnode UEM allows the users to decide how often they want to sync the AD with Hexnode.

  • Admins can choose to initiate sync either daily or on a weekly basis.
  • Select the days of the week or choose a specific time of a day for the sync to occur.

Once the integration is complete, a Microsoft Entra ID subsection will appear in the left pane of the Admin section. This subsection will display all the integrated Entra ID domains as tiles, allowing you to modify the scheduled sync and directory services settings. From here, you can directly sync or delete domains and disable self-enrollment for the integrated Entra ID domains.

Tile displaying the configured Entra ID

Notes:

  • Microsoft Entra ID users can enroll their devices in Hexnode UEM by authenticating their directory credentials. Hexnode Azure Directory Services require the following consent permissions to authenticate with Microsoft Entra ID:
    • profile – View users’ basic profile
    • offline_access – Maintain access to data you have given it access to
    • email – View users’ email address
    • openid – Sign users in
    • User.ReadBasic.All – Sign in and read user profile
  • If an Microsoft Entra ID administrator has set the ‘User consent settings’ (Microsoft Entra ID > Enterprise applications > Consent and permissions) to ‘Do not allow user content,’ users will not be able to grant the consent permissions to Hexnode Azure Directory Services. In that case, the permissions require admin consent for authentication, and users without admin privileges will fail to enroll their devices in Hexnode UEM. To overcome this scenario, the admin must set the ‘User consent settings’ to either ‘Allow user consent for apps’ or ‘Allow user consent for apps from verified publishers, for selected permissions’.
  • If the ‘User consent settings’ is set to ‘Allow user consent for apps from verified publishers, for selected permissions’ the admin must enable the permissions as mentioned earlier so that users can consent to on behalf of the organization. To enable such permissions, the admin has to navigate to Microsoft Entra ID > Enterprise applications > Consent and permissions > Permission classifications (preview) > + Add permissions > Microsoft APIs > Microsoft Graph.

Delete AD domain

Hexnode UEM lets users remove their Microsoft Entra ID domain from the portal with ease.

  1. Access the Delete Domain option by clicking on the settings icon under Enroll > All Enrollments > Enterprise > Microsoft Entra ID.

    2. Option to delete the configured Entra ID domain

  2. During the deletion process, the administrator is provided with two options.
    • Disenroll device(s)
    • Assign to a new user
    1. Disenroll device(s) option removes the Microsoft Entra ID domain from the portal and disenrolls all devices enrolled under the domain.
      • Pre-approved devices will also be deleted from the portal.
      • The admin is then required to specify the number of users that will be deleted under the domain and click on the Remove button to complete the process.

      2. Option to remove devices from Entra ID before deleting the domain

    2. Assign to a new user option lets the admin assign all devices under the domain to a new user. All existing restrictions/configurations and apps associated with the old user will be removed from the respective device(s).

      Option to assign the devices to a new user before deleting the domain

      • After specifying the number of users that will be deleted, click on the Remove button which will open a dialogue box to assign device(s) to a new user.
        • Note:


        If the mandatory app policy is configured on the new user, devices that do not support silent app installation/uninstallation will prompt the user to install/uninstall an app.

        Option to choose a user for device re-assignment

      • Select the domain and choose the user to assign the devices.
      • Toggle the Delete Old User’s Location History checkbox to delete location history of old users. Click on the Assign button to complete the process.
    3. Notes:

    • If the “Remove apps from the device on policy removal” option at Policies > Android Settings/iOS Settings > App Management > Mandatory Apps is checked, mandatory apps associated with the old user will be removed and mandatory apps associated with the new user will be installed on the device.
    • If the mandatory app(s) is installed already on the device and is associated with both old and new users, then those apps will be re-installed on the device.

Need more help?
Raise a Ticket Raise a Ticket
Ask Community Ask Community
Chat With us Chat With us
  • Hexnode Integrations