Intune Certificate Connector Problem: Azure AD Sign-in

Matt Chapman 16 Reputation points
2022-08-19T17:33:30.477+00:00

Hello,

We are a government organization trying to configure the Intune Certificate Connector for use with PKCS certificates. Everything was going good until we got to the part where it asks us to sign in to Azure AD. When we go to log in to Azure AD in the cert. connector we choose the Intune for government cloud, then try to sign in with 3 different global admin accounts that have intune licenses assigned to them and they all say they're personal accounts and will not work. Then I tried to log in with my account that has Intune administrator privileges but Microsoft says it cannot find the account.

My first question, how can we go about having Microsoft see our global admin accounts as "organization" accounts as opposed to "personal" accounts. My second question, even though all of our accounts are in the Azure AD why does my account not exist according to Microsoft? I was following this doc: https://learn.microsoft.com/en-us/mem/intune/protect/certificate-connector-install and once I got to step 6. under "configure the certificate connector" we ran in to problems using any of our accounts. We made sure all of these accounts have Intune licenses and that our accounts are all synchronized from our local AD.

My manager said maybe it has something to do with our tenant not being linked to an Azure subscription because we just recently upgraded our licenses and he noticed we cannot do certain things like diagnostic logs. He also explained there may be some issues with account privileges if we do license our tenant (can anyone explain this?) but since it's been working we're not sure if the license was ever applied or just recently expired due to us upgrading our license from Office 365 to Microsoft 365 G3 GCC. Any ideas and help would be greatly appreciated!

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,704 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,290 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Matt Chapman 16 Reputation points
    2022-09-07T18:53:29.367+00:00

    Answer: I was using Government cloud to log in however only specific organizations are eligible for that (We are not one of them). Logging in via public commercial cloud was the fix even though we are a government organization with GCC licensing.

    1 person found this answer helpful.

  2. JimmySalian-2011 41,916 Reputation points
    2022-08-21T10:53:45.467+00:00

    Hi,

    I am assuming the upgrading of licenses might have caused this behaviour, can you provide information whether it was via third party provider or a MSP provider that upgraded the licenses for your tenant?

    As the GCC licenses are government linked and there are some rules, conditions to be fulfilled before they are activated and assigned, I will suggest you connect with your license provider and clarify the process.

    Note:Office 365 Government plans are available to (1) qualified government entities, including US federal, state, local, tribal, and territorial government entities, and (2) other entities (subject to validation of eligibility) who handle data subject to government regulations and requirements, where use of Office 365 Government is appropriate to meet these regulations and requirements.

    Alternatively please try this support link and select the region - support

    Please read this gcc

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  3. JamesTran-MSFT 36,351 Reputation points Microsoft Employee
    2022-08-23T22:01:31.527+00:00

    @Matt Chapman
    Thank you for your detailed post and I apologize for the delayed response!

    When it comes to your sign-in issues, since you've already made sure that you're using a Global Admin/Intune Admin, and the account has the Intune License assigned, can you also make sure the user account that you're logging in with is a synchronized account from your local Active Directory.For more info - Prerequisites for the Certificate Connector for Microsoft Intune

    To verify if the user you're logging in with was sync'd from on-prem:

    1. From Azure Active Directory
    2. Select the user you're trying to login with
    3. Open the user Properties to verify the On-Prem Data

    Note: You can also verify if the user is on-prem sync'd by adding the "On-premises immutable ID" column when viewing all users in your tenant.
    234147-image.png

    Prerequisites for the Certificate Connector for Microsoft Intune - Azure Active Directory User

    • Either a Global Admin or Intune Admin.
    • Has an Intune license assigned.
    • Is synchronized account from your local Active Directory.

    I've also added the mem-intune-general tag to this thread so their community can take a look into this issue as well.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.