With the release of Citrix XenMobile 10.3, we are providing integration with Azure Active Directory (Azure AD) to modernize enterprise mobility on Windows 10.
With this integration, we are simplifying the MDM enrollment flow for Windows 10 devices. When a user joins their Windows 10 device to Azure AD, it will automatically be enrolled with a management server (i.e. Citrix XenMobile).
A user can enroll their Windows 10 devices to Citrix XenMobile as part of the Azure AD join flow. Azure AD join can done in the following 3 ways:
- Out-of-the-box while setting up Windows 10
- From the Settings wizard after the device has been set up
- From Add Work Account on a user’s personal device (Currently this flow is still under construction and the user will be presented with an error message)
The steps below provide a guide to enable an IT admin to bind Azure AD with Citrix XenMobile:
- An IT admin needs Azure active directory premium license (not Azure subscription) to enable binding of Management Server with Azure AD. For pricing you can refer to this link
- Once you own an Azure AD account you login to the Azure AD portal and perform the following steps
- When you just create an account you are provided a default onmicrosoft.com domain (something like mycompany.onmicroft.com). If you own a custom domain you can follow the steps in this Refer to the “How can I add my own domain” section in particular.
- The next step is to set up Azure AD as your identity provider. To accomplish this you need to extend your LDAP to Azure Active Directory using directory integration tools provided by Microsoft. You can find more information about this step in this article and more information about directory integration tools in this article
- The next step is to bind a reliable MDM provider like Citrix XenMobile with Azure AD. We will be describing the steps involved in the next section
Binding Citrix XenMobile with Azure AD
- In your Azure AD portal, choose Applications à Add an application from the gallery
- Yow will be presented with a list of applications. Choose the category Mobile Device Management and under that choose on-prem application. (Choose on-prem application even of you signed up for Citrix XenMobile cloud because in Microsoft terminology, any non-multi-tenant application is an on-prem MDM application) Give it a suitable name (eg. Citrix-mdm) and save it.
- Once you save it you need to configure your on prem MDM application
- You need to configure
- MDM enrollment url
- Terms and Resources URL (MDM enrollment url suffixed with /tou)
- Keys (generate the secret key and store it. This key will be used while binding on the MDM server)
- Change the App ID Uri to be the FQDN of your MDM server suffixed with the management port (8443 by default unless custom configured)
- Also in the same wizard page, in the section “Manage devices for these devices” choose the appropriate option to enable device management for All Users or for a specific group.
- Once you save these configurations login to the Citrix XenMobile console and under Settings choose Windows Azure.
- You will be presented with a wizard page. In the figure below you can see a side by side comparison of the information on Azure that needs to be entered into Citrix XenMobile console.
- The last step is to upload the terms and conditions to the Citrix XenMobile console so that it can be presented to the user as a part of AAD join and MDM enrollment. Note that uploading the terms and conditions is a mandatory step to do MDM enrollment as part of Azure AD join.
- You need to have your formatted terms and condition document in .txt format
- You also require your company logo in one of the following sizes (45 x 45 or 150 x 122 or 215 x 215) in png format.
- You can create multiple terms and condition policy to upload terms and condition document in various languages and assign them to respective user groups. But make at least one of them as the default terms and condition.
Once you have followed the above steps your MDM instance is now integrated with Azure AD and your users will be enrolled with MDM automatically when they join Azure AD from their Windows 10 devices.
This is just the beginning of the fantastic feature set that Citrix XenMobile team plans to bring out with Microsoft Azure team.