Monthly Archives: July 2019

Sync SCCM CB 1906 Collection membership to Azure AD groups

In the recently released 1906 version of SCCM Current Branch, you can now synchronize collection memberships to an Azure AD group. This is really useful because it lets you take advantage of SCCM’s powerful collection membership queries, which we can’t do today in Azure.

For more info, see https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections#bkmk_aadcollsync

In this post I have tested it out in my lab with:

  • Hybrid Azure AD join set up using Azure AD Connect syncing my computers to Azure AD. The devices in my collection have synchronized to Azure AD.
  • Azure AD Tenant added to Azure Services in SCCM and Azure AD User Discovery enabled
  • An existing group already created in Azure AD. I will sync the collection members to this group.

This is a pre-release feature of SCCM Current Branch 1906, so it needs to be turned on.

Once the feature has been turned on, you need to go to your Azure AD tenant in Azure Services, and Enable Azure Active Directory Group Sync.

In my test collection, I have some devices that are co-managed and already exist in Azure AD. If you go to the properties of the collection, you will see an AAD Group Sync tab. Click on Add.

Click on Search. You will be prompted to log in to your Azure tenant, and then you can select the existing group in Azure AD.

Click on Apply.

The Azure AD synchronization happens every five minutes. It’s a one-way process, from SCCM to Azure AD.

Alternatively, you can manually synchronize the collection to Azure AD by right-clicking on the collection and selecting Synchronize Membership (this is greyed out on collections that don’t have AAD Group Sync enabled).

If I check the group in Azure AD, I can now see my collection members.

Intune – Configure OneDrive Known Folder Move

Intune recently released the setting in the Administrative Templates to redirect known folders to OneDrive for Business.

This post will show how you can quickly configure it, and the user experience.

Log in to the Intune portal at https://devicemanagement.microsoft.com and create a new Device Configuration profile. Select Windows 10 and later for the platform, and Administrative Templates for the profile type.

Tip: there are many settings here. Use the search feature to make it easier.

Set the “Silently move Windows known folders to OneDrive” setting by selecting Enabled and entering your Tenant ID. See below for how to get the Tenant ID.

To get your Tenant ID, go to Azure Active Directory, then Properties. Copy the Directory ID.

Configure the other settings, such as “Silently sign in users to the OneDrive sync client with their Windows credentials”.

Once you’re finished, don’t forget to assign the profile to your devices.

Here is an example of my Autopilot device applying the profile, and then the files appear on the desktop after OneDrive for Business has been configured.
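
To confirm on a device that the profile applied with the right tenant, the following PowerShell function reads the OneDrive policy registry values; it is an added example, not part of the original post. The function name and the placeholder GUID are hypothetical, and it assumes the profile's settings are written to `HKLM:\SOFTWARE\Policies\Microsoft\OneDrive` as `KFMSilentOptIn` and `SilentAccountConfig`.

```powershell
# Added example (not from the original post). Run on the managed Windows 10 device.
# Assumption: the profile's values land under the OneDrive policy key below.
function Test-OneDriveKfmPolicy {
    [CmdletBinding()]
    param(
        # Directory ID copied from Azure Active Directory > Properties
        [Parameter(Mandatory)] [guid] $ExpectedTenantId,
        [string] $PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    )

    $report = [ordered]@{
        PolicyKeyPresent    = Test-Path -Path $PolicyPath
        KfmTenantId         = $null
        KfmTenantIdMatches  = $false
        SilentAccountConfig = $false
    }
    # No policy key at all means the profile has not reached this device yet
    if (-not $report.PolicyKeyPresent) { return [pscustomobject]$report }

    $key = Get-Item -Path $PolicyPath

    # "Silently move Windows known folders to OneDrive" stores the tenant ID as a string
    $tenant = $key.GetValue('KFMSilentOptIn', $null)
    if ($tenant) {
        $report.KfmTenantId = [string]$tenant
        $parsed = [guid]::Empty
        # A mistyped or truncated ID fails to parse and is reported as a mismatch
        if ([guid]::TryParse([string]$tenant, [ref]$parsed)) {
            $report.KfmTenantIdMatches = ($parsed -eq $ExpectedTenantId)
        }
    }

    # "Silently sign in users to the OneDrive sync client ..." is a DWORD set to 1
    $report.SilentAccountConfig = ($key.GetValue('SilentAccountConfig', 0) -eq 1)

    [pscustomobject]$report
}

# Placeholder GUID: replace with your own Directory ID
Test-OneDriveKfmPolicy -ExpectedTenantId '00000000-0000-0000-0000-000000000000'
```

A device where `PolicyKeyPresent` is true but `KfmTenantIdMatches` is false has received the profile with a tenant ID that differs from the one you expected.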