locked
Can't use Office365 Admin Page with built in Active Directory Azure User for Intune

  • Question

  • Hey Guys

    I'm completely new to Microsoft Azure and Microsoft Intune, and I'm trying to set up Intune for the first time now and connect it to my already existing Azure Active Directory.

    My main Azure-Account is a standard Outlook-Account, so I couldn't use that user (or I don't know how, it doesn't recognize the username shown in the Azure ID) to register for Intune, so I logged into Intune with a newly created user. I also gave him ALL roles at once, since it's a test environment and doesn't matter.

    But unfortunately, if I want to add the Intune-Application in my Azure AD, the "Add" option is grayed out and it says that I have to register Intune.
    So I saw in another tutorial that you have to do some settings in the Office 365 Admin-Tool first. But when I'm trying to open the Admin-Tool with my newly created user, I get the error message "access denied".

    So I'm kinda confused... which steps are missing here?

    So just as a summary, what I already did:

    1. Create an Azure Active Directory with my Outlook account

    2. Added a new user

    3. Registered Intune with this user

    Thanks for your help and sorry if the question's really basic but I'm trying to add Intune and I just don't see what I'm missing...

    Cheers,

    Gabe

    Tuesday, February 11, 2020 4:26 PM

Answers

  • Hello Gabe, 

    When you created an Azure AD with your Outlook account, the directory would be named accordingly. I mean, if you used the Outlook account abc@outlook.com to sign up for an Azure subscription, the name of your associated Azure Active Directory created by default would be abcoutlook.onmicrosoft.com. This applies if you have signed up for an Azure subscription.

    If you have logged in to the Azure portal using an Outlook account and manually created an Azure Active Directory after logging in to the Azure portal, then your account gets added to the directory as a global admin. Now, an Outlook account is a personal account, which cannot access all kinds of services in the same way as a work or school account does. As you mentioned, you created a new user in the Active Directory, which I am assuming will have a UPN of <user>@<tenantname>.onmicrosoft.com if you have no custom domain verified in the tenant. You will get access denied while trying to add the Intune tool if you have not assigned the global administrator role to this user. You just need to assign the global admin role to this user and log on in an InPrivate session with this user to the Azure portal. Once you try to add Intune now, you should be able to do so without any issue.

    Hope this clarifies your queries. In case the information provided helps, please mark this post as answer so that it's helpful to others searching for similar queries. In case you have any further queries, please do let us know and we will be happy to help.

    Also, we want to keep you informed that we're migrating from MSDN to Microsoft Q&A as our new forums, and Azure Active Directory has already made the move!

    In the future, you can ask and look for Azure Active Directory related questions here: 
    https://docs.microsoft.com/answers/topics/azure-active-directory.html 

    Thank you. 


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!


    Friday, February 14, 2020 4:05 PM
    Owner
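
To check the two conditions the answer above turns on (whether the sign-in account is a native tenant user rather than a personal account, and whether it actually holds the Global Administrator role), here is an added example that is not part of the original thread. It assumes the Microsoft Graph PowerShell module is installed; the UPN is a constructed placeholder.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph module.
# Constructed placeholder UPN: replace with the user created in the tenant.
$upn = 'newuser@contoso.onmicrosoft.com'

# Well-known role template ID of the built-in Global Administrator role.
$globalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'

Connect-MgGraph -Scopes 'User.Read.All', 'RoleManagement.Read.Directory' | Out-Null

$user = Get-MgUser -UserId $upn -Property Id, UserPrincipalName, UserType

# A personal Microsoft account that was added to a tenant is stored as an
# external identity: its UPN contains '#EXT#' (or the user type is Guest).
$isExternal = ($user.UserPrincipalName -like '*#EXT#*') -or
              ($user.UserType -eq 'Guest')

# Directory roles the user is a direct member of.
$roles = Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object {
        $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole'
    }

$isGlobalAdmin = [bool]($roles | Where-Object {
    $_.AdditionalProperties['roleTemplateId'] -eq $globalAdminTemplateId
})

[pscustomobject]@{
    UserPrincipalName = $user.UserPrincipalName
    UserType          = $user.UserType
    ExternalIdentity  = $isExternal
    GlobalAdmin       = $isGlobalAdmin
    DirectoryRoles    = @($roles | ForEach-Object {
        $_.AdditionalProperties['displayName']
    }) -join ', '
}
```

Outside a throwaway test tenant, the `DirectoryRoles` column is also a quick way to spot an account that was given every role at once and should be cut back to the one role it needs.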

All replies

  • Hi Shashi

    Thanks for your reply. 

    I gave this user Global Admin Rights, but I'll check if I verified a custom domain in the tenant.

    And sorry, but what is an "inprivate" session? I try to access the Admin tools over portal.office.com


    Friday, February 14, 2020 4:27 PM
  • Okay, there seems to be another login for the Intune services linked in the article, which is great...but I still can't access any settings menu. Even though I gave both users Global admin rights AND Intune Admin rights.
    Friday, February 14, 2020 4:58 PM