Setting up Azure Services in ConfigMgr CB 1706 – Cloud Management

By | November 13, 2017

If you have been using Configuration Manager Current Branch, you probably already know that there have been quite a few new cloud-based “connections” added for integration into the console. Some of these connections are:

Starting in Current Branch 1706, Microsoft has drastically simplified configuring the connection to these services using the Azure Services Wizard. This wizard can either create the appropriate app registration in Azure for you, or you can use it to import an existing configuration. Importing is pretty straight-forward so we will walk through the creation in this article.

To complete the setup for each connector, someone with the appropriate permissions must be able to authenticate with their Azure AD credentials to complete the web app creation in Azure. You will be prompted for these credentials in the wizard so the account that you use to sign in to Azure doesn’t need to be the same account that runs the Azure Services Wizard in the Configuration Manager console. After signing in to Azure, Configuration Manager creates the web app in Azure for you, including the Client ID and secret key for use with the web app. Later, you can view these from the Azure portal.

Configure Cloud Management with Azure Services Wizard

Deploying the Azure service for Cloud Management enables Configuration Manager clients to authenticate with the site using Azure Active Directory. You can also enable discovery of Azure Active Directory resources for this tenant.

  • From the console, navigate to Administration – Cloud Services
  • Right-click Azure Services and select Configure Azure Services or highlight Azure Services and select Configure Azure Services from the top ribbon

  • From the Configure Azure Service pane, make sure Cloud Management is selected in the options, give the service a name, and click Next

  • In the App Properties pane, we are going to create both the Web App and the Native Client App registration needed for the connection. To create the connection someone will need to provide the appropriate Azure credentials to register the apps in Azure (see above). To configure the Web App properties, click Browse and then Create in the Server App pane

  • In the Create Server Application pane, give the app a Name, Homepage URL, and App ID URI (neither of these have to be resolvable and are only used to register the app). Select a Secret key validity period of 1 or 2 years and click Sign in to authenticate with an account that has the appropriate rights to create the app registration in Azure. Finally click OK

  • You should now see the app listed in the Server App pane – select it and click OK

  • Now we are going to basically follow the same steps for the Native Client appclick Browse and then Create in the Client App pane

  • In the Create Client Application pane, give the app a Name and Reply URL (again, this does not have to be resolvable but should be different then the URL used for the Web app). Click Sign in to authenticate with an account that has the appropriate rights to create the app registration in Azure. Finally click OK

  • You should now see the app listed in the Client App pane – select it and click OK
  • Now that the app registration is complete, we can click Next to continue with the connector configuration.

  • In the Configure Discovery pane, this is where you can enable and configure the Azure AD Discovery for your environment. It is safe to leave the default settings, but configure it based on your environment if needed. Finally click Next

  • Review the Summary page and click Next and then Close

Once you have completed the configuration, you should now see the newly created Cloud Management connection with the Azure AD User Discovery node under Azure Services. This is where you would go to configure the Properties of the Azure AD Discovery – not the usual Discovery workspace in the console.

You will also see your tenant information and the Web and Native Client App registrations under the Azure Active Directory Tenants node in Cloud Services.

To see the registered apps in the Azure portal: