Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V [MVP]

Tag

AAD

Create a new Azure AD directory in the same tenant

In your Azure/Office 365 tenant you may have several separate directories. You may also have custom domains, but each will initially belong to a specific Azure AD directory.

An Azure AD directory is identified by its *.onmicrosoft.com domain.

Here is how you create multiple Azure AD directories in the same tenant:

  1. Navigate to the Azure AD blade
  2. Click Create new directory
  3. Fill in the information and select the correct country
  4. Click Create and wait a bit
  5. Then click to manage your new directory
  6. Add custom domains if you need them, or just sync your new domain with DirSync

You may now add users, set up a separate domain sync, or even add custom domains.

This user catalog is separate, and users need to be invited or added. Only one user will be present: the admin user that you were logged on with.

Hide Azure Active Directory from users

If any user in your organization decides to start using Azure, he or she can by default log in at https://portal.azure.com and view the entire AAD catalog with object details. The user can also start to spin up resources and invite guest users.

First, hide the portal resources for your organization:

You have now hidden your organization's resources from all other users in the Azure portal.

Next, you may want to review the guest invitation permissions so that users cannot invite external users into your organization.

Review the settings here. Don’t be too strict.

Shared devices (Roaming Profiles) with Microsoft Intune

When you have more users than devices, or users share devices, and you only have Azure Active Directory, the ability to switch users works a bit differently.

The first user that you enroll with will be an Administrator; all subsequent users will be Standard users.

Microsoft Intune will block any user from enrolling a multitude of devices. The limit is set in Azure Active Directory at 20 devices. You can change this.

Keep in mind that you need to be an Administrator to do this:

Navigate to: http://manage.windowsazure.com

Click Configure

Select the number of devices you want the users to enroll

That is it. This user can now enroll 1000 devices on this domain.
