Configuring Azure Active Directory join from the Microsoft 365 application

You can configure Azure Active Directory join from the Microsoft 365 application in the IBM® Verify administration console.

Before you begin

Configure Azure Active Directory join to register the Windows device as a trusted device and access Azure™ protected services seamlessly. Add the Microsoft 365 application to IBM Verify and configure single sign-on for Microsoft 365 by using WS-Federation after you configure Azure Active Directory.
  • Configure the device settings in the Azure portal to register your devices with Azure Active Directory. For more information on configuring device settings, see Manage device identities by using the Azure portal.
  • Create a custom domain in the Azure portal and verify that the custom domain is valid in Azure Active Directory. For more information on creating a custom domain, see Add your custom domain name using the Azure Active Directory portal.
  • Set up a federated Azure Active Directory custom domain with IBM Verify. The following federation service endpoints are provided by IBM Verify:

    Endpoint              Example
    IssuerUri             https://<tenant-hostname>/wsf/sps/wsfedip/wsf
    PassiveLogOnUri       https://<tenant-hostname>/wsf/sps/wsfedip/wsf
    ActiveLogOnUri        https://<tenant-hostname>/wst/SecurityTokenService13
    MetadataExchangeUri   https://<tenant-hostname>/wsf/sps/mex
    LogOffUri             https://<tenant-hostname>/idaas/mtfim/sps/idaas/logout

  • Select the attribute from the IBM Verify user account that is used as ImmutableID in Azure Active Directory and provision users into Azure Active Directory.

For more information on Azure Active Directory join, see Plan your Azure Active Directory join implementation.
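
After the custom domain is federated, the endpoints stored on the domain can be checked against the table above. The following check is an added example, not part of the IBM documentation: the tenant hostname and the sample settings are constructed, and it assumes that the federation settings have already been exported into a dictionary keyed by the endpoint names in the table.

```python
from urllib.parse import urlsplit

# Endpoint paths from the table above; only the tenant hostname varies.
ENDPOINT_PATHS = {
    "IssuerUri": "/wsf/sps/wsfedip/wsf",
    "PassiveLogOnUri": "/wsf/sps/wsfedip/wsf",
    "ActiveLogOnUri": "/wst/SecurityTokenService13",
    "MetadataExchangeUri": "/wsf/sps/mex",
    "LogOffUri": "/idaas/mtfim/sps/idaas/logout",
}


def expected_endpoints(tenant_hostname):
    """Build the five federation endpoints for one IBM Verify tenant."""
    return {name: f"https://{tenant_hostname}{path}"
            for name, path in ENDPOINT_PATHS.items()}


def check_federation_settings(tenant_hostname, configured):
    """Return a list of findings; an empty list means no drift."""
    findings = []
    for name, want in expected_endpoints(tenant_hostname).items():
        got = configured.get(name)
        if not got:
            findings.append(f"{name}: missing")
            continue
        url = urlsplit(got.strip())
        if url.scheme != "https":
            findings.append(f"{name}: scheme is {url.scheme!r}, expected https")
        # urlsplit lower-cases hostname and strips port and userinfo from it.
        if url.hostname != tenant_hostname.lower():
            findings.append(f"{name}: host is {url.hostname!r}, expected {tenant_hostname!r}")
        if url.username or url.port not in (None, 443):
            findings.append(f"{name}: unexpected userinfo or port")
        if url.path != urlsplit(want).path or url.query or url.fragment:
            findings.append(f"{name}: path differs from {want}")
    return findings


# Constructed sample data; the hostname is hypothetical.
SAMPLE_TENANT = "tenant.verify.example.com"
SAMPLE_GOOD = expected_endpoints(SAMPLE_TENANT)
SAMPLE_DRIFTED = dict(
    SAMPLE_GOOD,
    ActiveLogOnUri="http://tenant.verify.example.com/wst/SecurityTokenService13",
    PassiveLogOnUri="https://tenant.verify.example.com.example.net/wsf/sps/wsfedip/wsf",
    MetadataExchangeUri="")

if __name__ == "__main__":
    for finding in check_federation_settings(SAMPLE_TENANT, SAMPLE_DRIFTED):
        print(finding)
```

An empty result means that every endpoint uses HTTPS, points at the tenant hostname, and has the path that is listed in the table.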