Disable Azure AD Authentication for Onboarded Tenants
In ConfigMgr 2010, you can disable Azure AD authentication for tenants not associated with users and devices. This nice little feature was first introduced in ConfigMgr Technical Preview 2010.2.
Now you can use this feature when you upgrade to Configuration Manager current branch version 2010.
When you onboard Configuration Manager to Azure AD, the site and clients can use modern authentication. Azure AD device authentication is enabled for all onboarded tenants by default.
If you have a separate tenant with no users and devices, Azure AD authentication will still be enabled for it by default. In this case, you can simply disable Azure AD authentication from the Configuration Manager cloud management properties.
Configuration Manager 2010 comes with lots of new features and improvements over the previous release. You can now upgrade your ConfigMgr version to 2010 using the 2010 upgrade guide.
Disable Azure AD authentication for Onboarded tenants
- Launch the Configuration Manager console and go to the Administration workspace.
- Expand Cloud Services and click the Azure Services node.
- Select the Configuration Manager Azure Service (Cloud Management). In the ribbon, select Properties.
- Click the Applications tab. Select the option to Disable Azure Active Directory authentication for this tenant.
- Click Apply and OK to close the Cloud Management connection properties.
According to Microsoft, it can take up to 25 hours for this change to take effect on clients. However, if you are testing this feature and wish to speed up this behavior, use the following steps.
- Restart the sms_executive service on the SCCM site server.
- Restart the ccmexec service (SMS Agent Host Service) on the client.
- Finally trigger the client schedule to refresh the default management point.
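The three steps above can be scripted for a test environment. This is an added example, not part of the original article or Microsoft's own tooling; the host names SITESERVER01 and CLIENT01 are placeholders, PowerShell remoting is assumed to be enabled on both machines, and the schedule ID used is the client's "Refresh Default MP Task", which the article does not list.

```powershell
# Added example. SITESERVER01 and CLIENT01 are placeholder host names.
param(
    [string]$SiteServer = 'SITESERVER01',
    [string]$Client     = 'CLIENT01'
)

# Schedule ID of the client's "Refresh Default MP Task" (not given in the article).
$RefreshDefaultMP = '{00000000-0000-0000-0000-000000000023}'

function Restart-RemoteService {
    # Restarts a service on a remote machine and waits until it is running again.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$Name
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Name -ScriptBlock {
        param($ServiceName)
        Restart-Service -Name $ServiceName -Force
        $service = Get-Service -Name $ServiceName
        $service.WaitForStatus('Running', [TimeSpan]::FromMinutes(5))
        Get-Service -Name $ServiceName | Select-Object Name, Status
    }
}

# Step 1: restart sms_executive on the site server.
Restart-RemoteService -ComputerName $SiteServer -Name 'SMS_EXECUTIVE'

# Step 2: restart the SMS Agent Host service (ccmexec) on the client.
Restart-RemoteService -ComputerName $Client -Name 'CcmExec'

# Step 3: trigger the client schedule that refreshes the default management point.
# TriggerSchedule is a static method of the SMS_Client WMI class in root\ccm.
$triggerParams = @{
    ComputerName = $Client
    Namespace    = 'root\ccm'
    ClassName    = 'SMS_Client'
    MethodName   = 'TriggerSchedule'
    Arguments    = @{ sScheduleID = $RefreshDefaultMP }
}
Invoke-CimMethod @triggerParams
```

If step 3 fails immediately after the restart, wait a few seconds for the client's WMI provider to load and run it again.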