
Azure Active Directory Integration with Hexnode UEM

Azure Active Directory (Azure AD, since renamed Microsoft Entra ID) is Microsoft's cloud-based, multi-tenant identity and access management service. It gives users a single sign-in, automates identity workflows as the organization grows, and acts as the single authoritative source of user and group information, providing security, access management, scalability and reliability for connecting many users.

Azure AD supports multi-factor authentication, adding a layer of protection for organizational resources, and lets users sign in with their existing credentials through single sign-on (SSO). Integrating Azure AD with Hexnode lets you manage the directory from a single console and sync users and groups for easy enrollment and policy assignment.

Note:

Azure AD integration is supported only on the Enterprise, Ultimate and Ultra pricing plans.

Integrate Azure Active Directory

To configure Azure Active Directory with Hexnode,

  1. On your Hexnode MDM console, navigate to Enroll > All Enrollments and under Enterprise category, choose Azure AD.
  2. You’ll be directed to a screen that asks for the Directory (Tenant) ID. Sign in to the Azure portal for the directory you want to integrate and copy its Directory (Tenant) ID (Azure Active Directory > Properties).
     
    Note:

    You can also add verified custom domains (Azure Active Directory > Custom domain names) in the Directory (Tenant) ID field.

  3. Enter the Directory ID in the Directory (Tenant) ID field on the Hexnode console. Click Configure.
  4. You’ll be asked to sign in with your Azure portal user credentials. Review the listed permissions and click Accept. This grants them to the Hexnode Azure Directory Services application in your tenant.
  5. Azure AD is now configured. You can sync the Active Directory with Hexnode UEM.
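
Because the Directory (Tenant) ID field also accepts a verified custom domain, it is worth confirming that the domain you are about to enter really maps to the tenant you expect, so that Hexnode is not bound to the wrong directory. The following script is an added example and is not Hexnode's or Microsoft's code; it uses the public OpenID Connect discovery endpoint of Azure AD / Microsoft Entra ID, which answers for a tenant GUID or any domain verified in that tenant and needs no sign-in. The domain, the GUID and SAMPLE_CONFIG are constructed for illustration.

```python
"""Confirm that a verified custom domain maps to the expected Directory (Tenant) ID.

Added example, not Hexnode's or Microsoft's code. The tenant GUID and the
SAMPLE_CONFIG document below are constructed; a real response has more fields.
"""
import json
import re
import urllib.request

DISCOVERY_URL = ("https://login.microsoftonline.com/{tenant}"
                 "/v2.0/.well-known/openid-configuration")

# The v2.0 issuer always carries the tenant GUID, whatever name was queried.
ISSUER_RE = re.compile(
    r"^https://login\.microsoftonline\.com/"
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})/v2\.0$")


def discovery_url(tenant: str) -> str:
    """Discovery URL for a tenant GUID or a verified custom domain name."""
    return DISCOVERY_URL.format(tenant=tenant)


def tenant_id_from_config(config: dict) -> str:
    """Extract the tenant GUID from the 'issuer' of a discovery document.

    Anything that is not an Azure AD v2.0 issuer is rejected rather than
    guessed at, so a typo in the domain cannot silently point at another tenant.
    """
    issuer = config.get("issuer", "")
    m = ISSUER_RE.match(issuer)
    if not m:
        raise ValueError("not an Azure AD v2.0 issuer: %r" % issuer)
    return m.group(1)


def domain_matches_tenant(config: dict, expected_tenant_id: str) -> bool:
    """True when the discovery document belongs to expected_tenant_id."""
    return tenant_id_from_config(config) == expected_tenant_id.strip().lower()


def fetch_openid_config(tenant: str, timeout: float = 10.0) -> dict:
    """Live lookup over the network; not used by the offline sample below."""
    with urllib.request.urlopen(discovery_url(tenant), timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample of the fields that matter in a real discovery response.
SAMPLE_TENANT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_CONFIG = {
    "issuer": "https://login.microsoftonline.com/%s/v2.0" % SAMPLE_TENANT_ID,
    "authorization_endpoint": "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize"
                              % SAMPLE_TENANT_ID,
    "token_endpoint": "https://login.microsoftonline.com/%s/oauth2/v2.0/token"
                      % SAMPLE_TENANT_ID,
}

if __name__ == "__main__":
    # Offline run against the constructed sample. For a live check, replace
    # SAMPLE_CONFIG with fetch_openid_config("yourverifieddomain.example").
    print(discovery_url("yourverifieddomain.example"))
    print("tenant id:", tenant_id_from_config(SAMPLE_CONFIG))
    print("matches expected:", domain_matches_tenant(SAMPLE_CONFIG, SAMPLE_TENANT_ID))
```

Run it with the domain you intend to enter and compare the printed tenant GUID with the Directory ID shown under Azure Active Directory > Properties; if they differ, the domain is verified in a different tenant than the one you are integrating.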

Schedule a sync

Hexnode UEM lets admins decide how often the Azure AD directory is synced with Hexnode.

  • Admins can choose to initiate sync either daily or on a weekly basis.
  • Select the days of the week or choose a specific time of a day for the sync to occur.

Notes:

  • Azure AD users can enroll their devices in Hexnode UEM by authenticating with their directory credentials. Hexnode Azure Directory Services requires the following delegated permissions (consent scopes) to authenticate with Azure AD:
    • profile – View users’ basic profile
    • offline_access – Maintain access to data you have given it access to
    • email – View users’ email address
    • openid – Sign users in
    • User.ReadBasic.All – Read all users’ basic profiles
  • If an Azure AD administrator has set ‘User consent settings’ (Azure Active Directory > Enterprise applications > Consent and permissions) to ‘Do not allow user consent’, users cannot grant these permissions to Hexnode Azure Directory Services themselves. The permissions then require admin consent, and users without admin privileges will fail to enroll their devices in Hexnode UEM. To overcome this, the admin must set ‘User consent settings’ to either ‘Allow user consent for apps’ or ‘Allow user consent for apps from verified publishers, for selected permissions’ (alternatively, an admin can grant consent for the whole organization on the Hexnode Azure Directory Services enterprise application, which removes the per-user consent prompt).
  • If ‘User consent settings’ is set to ‘Allow user consent for apps from verified publishers, for selected permissions’, the admin must classify the permissions listed above as low impact so that users can consent to them on behalf of the organization. To do so, navigate to Azure Active Directory > Enterprise applications > Consent and permissions > Permission classifications (preview) > + Add permissions > Microsoft APIs > Microsoft Graph.
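
The two notes above describe three tenant settings that together decide whether a non-admin user gets past the consent prompt during enrollment. The script below is an added example, not Hexnode's or Microsoft's code; it reads the same three things through Microsoft Graph and reports the outcome: the tenant authorization policy (which is what the ‘User consent settings’ choice writes), the delegated permission classifications on the Microsoft Graph service principal (the ‘Permission classifications’ list), and the OAuth2 permission grants already held by the Hexnode service principal. The sample objects are constructed; graph_get() and live_check() need a Graph access token with Policy.Read.All and Directory.Read.All and are not run offline. The object ID of the ‘Hexnode Azure Directory Services’ enterprise application is assumed to be supplied by the caller.

```python
"""Explain whether users can consent to the scopes Hexnode Azure Directory Services asks for.

Added example, not Hexnode's or Microsoft's code. SAMPLE_* objects are constructed.
"""
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # well-known Microsoft Graph app id

# Delegated scopes the page lists as required by Hexnode Azure Directory Services.
REQUIRED_SCOPES = frozenset({"profile", "offline_access", "email", "openid", "User.ReadBasic.All"})

# Built-in permission grant policies behind the portal's 'User consent settings'.
POLICY_ALL_APPS = "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"
POLICY_VERIFIED_LOW = "ManagePermissionGrantsForSelf.microsoft-user-default-low"
SETTING_DENY = "Do not allow user consent"
SETTING_ALL = "Allow user consent for apps"
SETTING_VERIFIED_LOW = "Allow user consent for apps from verified publishers, for selected permissions"


def graph_get(token: str, path: str) -> dict:
    """GET one Graph resource (live, network)."""
    req = urllib.request.Request(GRAPH + path, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def user_consent_setting(authorization_policy: dict) -> str:
    """Map authorizationPolicy.defaultUserRolePermissions to the portal wording."""
    assigned = set(authorization_policy["defaultUserRolePermissions"]
                   .get("permissionGrantPoliciesAssigned") or [])
    if not assigned:
        return SETTING_DENY
    if POLICY_ALL_APPS in assigned:
        return SETTING_ALL
    if POLICY_VERIFIED_LOW in assigned:
        return SETTING_VERIFIED_LOW
    return "Custom: " + ", ".join(sorted(assigned))


def unclassified_scopes(classifications: list, required=REQUIRED_SCOPES) -> set:
    """Required scopes not classified 'low' on the Microsoft Graph service principal."""
    low = {c["permissionName"] for c in classifications if c.get("classification") == "low"}
    return set(required) - low


def has_admin_consent(grants: list, required=REQUIRED_SCOPES) -> bool:
    """True if a tenant-wide (AllPrincipals) grant already covers every required scope."""
    granted = set()
    for g in grants:
        if g.get("consentType") == "AllPrincipals":
            granted.update(g.get("scope", "").split())
    return set(required) <= granted


def diagnose(policy: dict, classifications: list, grants: list) -> str:
    """Say whether a non-admin user will get past the consent prompt, and why not."""
    if has_admin_consent(grants):
        return "ok: admin consent already granted for the organization"
    setting = user_consent_setting(policy)
    if setting == SETTING_DENY:
        return "blocked: '%s' set; grant admin consent or relax the setting" % setting
    if setting == SETTING_VERIFIED_LOW:
        missing = unclassified_scopes(classifications)
        if missing:
            return "blocked: classify as low impact: " + ", ".join(sorted(missing))
    return "ok: users can consent (%s)" % setting


def live_check(token: str, hexnode_sp_object_id: str) -> str:
    """Run diagnose() against the real tenant (network); the object id is that of the
    'Hexnode Azure Directory Services' enterprise application (assumed supplied)."""
    policy = graph_get(token, "/policies/authorizationPolicy")
    classes = graph_get(token, "/servicePrincipals(appId='%s')/delegatedPermissionClassifications"
                        % MS_GRAPH_APP_ID)["value"]
    grants = graph_get(token, "/oauth2PermissionGrants?$filter="
                       + urllib.parse.quote("clientId eq '%s'" % hexnode_sp_object_id))["value"]
    return diagnose(policy, classes, grants)


# Constructed samples: 'verified publishers, selected permissions' is on, four of the
# five scopes are classified low, and a single user has consented so far.
SAMPLE_POLICY = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": [POLICY_VERIFIED_LOW]}}
SAMPLE_CLASSIFICATIONS = [{"permissionName": s, "classification": "low"}
                          for s in ("openid", "profile", "email", "offline_access")]
SAMPLE_GRANTS = [{"consentType": "Principal", "principalId": "user-object-id",
                  "scope": "openid profile email offline_access User.ReadBasic.All"}]

if __name__ == "__main__":
    print(user_consent_setting(SAMPLE_POLICY))
    print(diagnose(SAMPLE_POLICY, SAMPLE_CLASSIFICATIONS, SAMPLE_GRANTS))
```

On the constructed sample the verdict is that enrollment is blocked until User.ReadBasic.All is also classified as low impact, which is exactly the second note above; a tenant-wide admin consent grant short-circuits both checks, so the script reports that first.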

Delete AD domain

Hexnode UEM lets admins remove an Azure AD domain from the portal.

  1. Access the Delete Domain option by clicking the settings icon under Enroll > All Enrollments > Enterprise > Azure AD.
  2. During deletion, the administrator is offered two options:
     • Disenroll device(s)
     • Assign to a new user
  3. Disenroll device(s) removes the Azure AD domain from the portal and disenrolls every device enrolled under the domain.
     • Pre-approved devices are also deleted from the portal.
     • To confirm, the admin must enter the number of users that will be deleted under the domain and click Remove.
  4. Assign to a new user reassigns every device under the domain to a new user. All restrictions, configurations and apps associated with the old user are removed from the device(s).
     • After entering the number of users that will be deleted, click Remove; a dialog opens for assigning the device(s) to a new user.
     • Select the domain and choose the user to whom the devices will be assigned.
     • Check Delete Old User’s Location History to delete the old users’ location history, then click Assign to complete the process.

     Note:

     • If a mandatory app policy is configured for the new user, devices that do not support silent app installation/uninstallation will prompt the user to install/uninstall the app.

Notes:

  • If the “Remove apps from the device on policy removal” option at Policies > Android Settings/iOS Settings > App Management > Mandatory Apps is checked, mandatory apps associated with the old user are removed and mandatory apps associated with the new user are installed on the device.
  • If a mandatory app is already installed on the device and is associated with both the old and the new user, it will be re-installed on the device.
