AAD tenant problem for token registration for usage with CMG

David 1 Reputation point
2020-08-20T18:11:44.443+00:00

We have Office 365 and use AD Connect to sync our on-premises user and device objects to an AAD tenant in Office 365.

We have another AAD tenant in Azure which only has user objects to log onto the Azure portal (I still don't know if this additional tenant is an abnormal setup).  
In ccmsetup.log we have:
Skipping tenant '9BC [Azure portal AAD]' as it's not matching the joined tenant 'e78 [Office 365 AAD]'
Persisted AAD on-boarding info. ccmsetup            20/08/2020 18:13:57       17352 (0x43C8)
We have set sccm clients to register as hybrid Azure AD joined devices which they do in the Office 365 AAD tenant.

The adaloperationprovider.log is not created since the failure was detected during ccmsetup. Neither are there ccmsetup.log entries attempting to register device or user tokens: https://video2.skills-academy.com/en-us/mem/configmgr/core/clients/manage/azure-ccmsetup

This has been batted around by sccm support and Azure AAD support for a month now - hoping someone could suggest a way forward.
One idea being considered: Do we need to use AD Connect to sync objects to the Azure AAD tenant too? I'm thinking this won't fix the error message since no registrations are attempted.

Thanks
David


2 answers

  1. LarryZhou-MSFT 246 Reputation points
    2020-08-21T07:07:57.013+00:00

    Hi,

    Configuration Manager's Azure service for Cloud management supports multiple tenants. Multiple Configuration Manager sites can connect to the same tenant. A single site can deploy multiple CMG services into different subscriptions. Multiple sites can deploy CMG services into the same subscription. Configuration Manager provides flexibility depending upon your environment and business requirements.
    For more information, see the following FAQ: Do the user accounts have to be in the same Azure AD tenant as the tenant associated with the subscription that hosts the CMG cloud service?
    https://video2.skills-academy.com/en-us/mem/configmgr/core/clients/manage/cmg/cloud-management-gateway-faq#bkmk_tenant

    I hope the above information is helpful to you.


    If the response is helpful, please click "Accept Answer" and upvote it.

    Best regards,
    Larry


  2. David 1 Reputation point
    2020-08-21T10:01:07.887+00:00

    Thanks Larry
    Maybe I don't understand AAD, but the AAD in Office 365 isn't visible in the Azure portal so I can't deploy multiple CMG services to connect to it.
    Can I expose my Office 365 AAD in my Azure portal?

