Since March 1, Azure AD Premium and EMS (Enterprise Mobility Suite) are available without the need for an Enterprise Agreement.
Instead, you can simply buy them through a Cloud Solution Provider or the Open program.
Enterprise Mobility Suite contains Azure AD Premium, Microsoft Intune and Azure Rights Management Service.
Also keep in mind that Azure AD Premium contains a complete license for FIM 2010 / MIM.
See Alex AD blog for more information.
In addition, if you are a subscriber of Windows Azure Pack or have a Silver or Gold competency, you will get access to licenses for Azure AD and EMS via your Internal Use Rights (IURs) benefits. See this announcement for more information.
After some DirSync implementations, one of my FIM customers needed mobile device management with Windows Intune. So it seemed the perfect time for my first implementation of the AAD Connector for FIM 2010 R2.
The customer had the following special requirements:
- No Password Sync, instead using SSO with ADFS
- Minimalistic set of attributes on users in the cloud (Corporate and legal issues)
- Manual management of which user goes into the cloud or not (by helpdesk)
- Usage of a proxy connection for all servers incl. FIM (no direct internet connection)
I searched the internet a bit for configuration of the WAAD connector, but the technical reference ends at the step of adding attribute flows and other posts are mostly for complex scenarios (hybrid, multi-forest and so on).
So once again I had to figure it out by myself, and I decided to put my solution for this minimalistic implementation here. I will skip the installation and configuration of ADFS and WAP, the Azure AD configuration and also the firewall/proxy configuration. There is a lot of documentation out there for this. But I will give a hint or two on some facts.
To set up your Azure/Intune for SSO with ADFS, follow the guide in your Azure/Intune portal.