Properties unavailable on Azure Services

BrandonM 71 Reputation points
2020-11-10T19:16:58.053+00:00

I just upgraded SCCM to 2006 and trying to setup Tenant attach. I already had Co-management configured prior to the upgrade, so I simply used the "Configure upload" section to setup Endpoint Manager admin center data upload. Everything seem to go through fine. I verified that I have a ConfigMgrSvc_xxxxxxxxxxxxxx app registered in my Azure AD with the necessary Microsoft Graph Directory Read permissions. In the SCCM console, I have verified that this application is registered under Azure Active Directory Tenants. Under Azure Services, I see there is a service added called "Cloud Attach" that I assume was added automatically by the Tenant attach process. However, when I select it, I do not have a Properties option to view/modify the configuration. I need to enable AAD User sync so that I can start leveraging the additional device management features in the Endpoint Manager admin center. I checked my user account in SCCM Assets and Compliance and see that the Azure AD tenant ID and User Id are not populated. My user accounts are synced from on-premise AD with Azure AD Connect. What am I missing? I just performed this configuration a few hours ago. Do I need to give it more time? Also, I looked over SMS_AZUREAD_DISCOVERY_AGENT.log and CMGatewaySyncUploadWorker.log, but nothing really sticking out there as a possible issue, though I am not sure what exactly to look for.
38846-azuresvcs.jpg

Microsoft Configuration Manager
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Jason Sandys 31,286 Reputation points Microsoft Employee
    2020-11-10T20:53:51.013+00:00

    The above (no properties on Cloud Attach) is normal and expected.

    To enable AAD User Discovery, you need to review the Discovery page on the properties of the Cloud Management item listed in Azure Services. You won't have this service unless you enable co-management itself though. If you are not seeing this item in the list of Azure service, you may not have sufficient permissions within ConfigMgr.

    0 comments No comments

  2. BrandonM 71 Reputation points
    2020-11-10T21:01:30.377+00:00

    Thanks Jason. I am not sure I follow. You are saying that I should see a Cloud Management item, besides Cloud Attach, under Azure Services? I have Full Administrator in ConfigMgr. I setup Co-management months ago and just enabled the Configure upload > "Upload to Microsoft Endpoint Manager admin center" option today.


  3. BrandonM 71 Reputation points
    2020-11-11T15:32:03.553+00:00

    I was about to open a support case, but I decided not to. Instead, I created another Cloud Management Azure Service just to see if it would sync AAD Users and that worked fine. Seems to me that there may be a bug with enabling Tenant Attach after Co-management has already been setup and I cannot justify using a support call for that. Support may just have me do what I already did on my own. In addition, our MS support contract is under another division at my company and I would have jump through all kinds of hoops just to get that opened.

    On a side note, I really like these new integrated features you get under the Endpoint Manager admin center. Totally worth setting up if you have a hybrid environment.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.