Azure AD Autojoin for Business Store

cm ds 1 Reputation point
2021-01-15T21:10:32.85+00:00

Good evening,

I have a challenge regarding Azure Active Directory and I wonder whether someone can help me with it.

My client wants me to provide a prototype for a Microsoft Store for Business. As the deployment platform we want to use Endpoint Configuration Manager.
I already set up an app registration inside our AAD and started synchronizing apps. Deploying offline apps is already working. I have problems deploying online apps. According to Microsoft's documentation I need an Azure AD (hybrid) joined device and an Azure AD user to install online apps from Business Store through ECM. In a testing environment I enabled Hybrid Azure Active Directory Join for devices and Pass Through Authentication for users. I configured our GPOs to join my testing devices to AAD.
With dsregcmd I confirmed that this works.
In our environment all users sign in with their On Premise AD Account and we'd like to keep it that way. Therefore installing online apps is not possible. As a solution, I tried adding a "Work Account" in Windows settings. After adding this account, application deployment works. Now my question is: Is it possible to automate this task so that the Azure AD account is linked automatically? Or is there another way to deploy online apps through ECM?

I'm sorry if this question is a little confusing. I'm an Azure newbie. I appreciate any help. Thanks


1 answer

  1. Jason Sandys 31,176 Reputation points Microsoft Employee
    2021-01-15T22:46:37.49+00:00

    Do the users also have a hybrid identity; i.e., are the on-prem AD user accounts also being synced to Azure AD using AAD Connect? If so, that is all that is required to deploy apps from the Microsoft Store for Business to users using ConfigMgr. No client-side configuration or logins are required.
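
One way to check on a client whether both the device and the signed-in user carry an Azure AD identity, as an added example that is not part of the thread: it parses `dsregcmd /status` output and reports hybrid join, a manually added work account, and the user's Azure AD primary refresh token. The function names and the sample output are constructed for illustration; the field names are those printed by `dsregcmd /status`.

```powershell
# Constructed sample of `dsregcmd /status` lines (banner rows omitted).
# On a real client, pass the output of (dsregcmd /status) instead of $sample.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
           WorkplaceJoined : NO
                AzureAdPrt : NO
'@ -split "`r?`n"

# Hypothetical helper: turn "  Name : Value" lines into a hashtable.
function Get-DsregState {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Banner and blank lines do not match and are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

# Hypothetical helper: summarize device and user identity state.
function Get-HybridIdentitySummary {
    param([string[]]$Lines)
    $s = Get-DsregState -Lines $Lines
    $hybrid = ($s['AzureAdJoined'] -eq 'YES') -and ($s['DomainJoined'] -eq 'YES')
    $prt    = ($s['AzureAdPrt'] -eq 'YES')
    $finding = if (-not $hybrid) {
        'Device is not hybrid Azure AD joined.'
    } elseif (-not $prt) {
        'Device is hybrid joined, but the signed-in user has no Azure AD PRT; check that the on-prem account is synced by AAD Connect.'
    } else {
        'Device is hybrid joined and the signed-in user has an Azure AD PRT.'
    }
    [pscustomobject]@{
        HybridJoined      = $hybrid
        WorkAccountAdded  = ($s['WorkplaceJoined'] -eq 'YES')
        UserHasAzureAdPrt = $prt
        Finding           = $finding
    }
}

Get-HybridIdentitySummary -Lines $sample | Format-List
```

Run it in the signed-in user's session rather than as SYSTEM, because the user and SSO fields describe the current logon.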