Peter van der Woude Posted November 5, 2014 Report post Posted November 5, 2014 In the first part of this blog series I went through the introduction and the prerequisites, in the second part I went through the installation and configuration of AD FS and in the third part I went through the directory synchronization. This fourth part of the blog series will finally be about ConfigMgr and Microsoft Intune. During this part the last configurations will be done to get the required UPNs to ConfigMgr and to synchronize this information to Microsoft Intune.Synchronize new UPN to ConfigMgrTo correctly synchronize the correct user information via Microsoft Intune, it is required to discover the most recent UPN changes to the users. Open the Configuration Manager console and navigate to Administration > Overview > Hierarchy Configuration > Discovery Methods, right-click Active Directory User Discovery and select Run Full Discovery Now.Create a Microsoft Intune collectionTo allow user to enroll their mobile device through Microsoft Intune it’s required to specify which user are allowed to perform this action. This is done by specifying a collection during the configuration of the Microsoft Intune connector. First we need to create this collection. Open the Configuration Manager console and navigate to Assets and Compliance > Overview, right-click User Collections and select Create User Collection. The Create User Collection Wizard will show. Provide a name like All Microsoft Intune Users and limit the collection to the All Users collection. Walk through the wizard and simply add a few users that a required to enroll their devices through Microsoft Intune. Add Windows Intune SubscriptionTo integrate Microsoft Intune with ConfigMgr it’s required to add the subscription to ConfigMgr. Open the Configuration Manager console and navigate to Administration > Overview > Cloud Services, right-click Windows Intune Subscriptions and select Add Windows Intune Subscription. The Create Windows Intune Subscription Wizard will show. On the Getting started page, click Next. On the Windows Intune Subscription page, click Sign In. In the Set the Mobile Device Management Authority dialog box, select I understand.. and click OK. In the Subscription dialog box, specify the Microsoft Intune subscription details and click Sign In. Back on the Windows Intune Subscription page, click Next. On the General Configuration page, select the collection All Microsoft Intune Users (created in the previous step), provide some company details, specify the site code and click Next. On the Platforms page, click Next. On the Company Contact Information page, specify the contact details of the company and click Next. On the Company Logo page, click Next. On the Summary page, click Next. On the Completion page, click Close. Add the Windows Intune Connector roleTo connect Microsoft Intune with ConfigMgr the last step is to install the Windows Intune Connector. Open the Configuration Manager console and navigate to Administration > Overview > Site Configuration > Servers and Site System Roles, right-click \\<PrimairySiteServer> and select Add Site System Roles. On the General page, click Next. On the Proxy page, click Next. On the System Role Selection page, select the Windows Intune Connector and click Next. On the Summary page, click Next. On the Completion page, click Close. Verify the Single Sign-On in Microsoft IntuneAfter integrating Microsoft Intune and ConfigMgr the last step is to verify that it’s all working. On a Windows device navigate to PC Settings > Network > Workplace and provide the on-premises credentials of a user that is a member of the All Microsoft Intune Users collection. Notice that this will also redirect to the on-premises AD FS for verifying the credentials. Notice after that a successful enrollment with the on-premises credentials. Quote Share this post Link to post Share on other sites More sharing options...