3.4 ZENworks Agent Login using Azure AD

3.4.1 Azure AD Login Flow

  1. When you log in to the ZENworks agent, a parent screen showing the Azure AD user details is displayed.

  2. In this screen, click Continue.

  3. In the Microsoft Pick an account screen, select the same user that was displayed in the previous screen.

    NOTE: If any other user account is selected or added in the Microsoft Pick an account screen, then an error screen will be displayed.

  4. If prompted, specify the Microsoft user credentials.

3.4.2 Customizing the Message Displayed in the ZENworks Agent Azure Login Screen

As a ZENworks administrator, you can customize the message that is displayed on the Azure AD login screen.

To customize, you can either add a registry key to the device or create a bundle with Action - Registry Edit and assign it to the required devices.

Following are the registry key details:

  1. In the HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM path, create a new registry key with String Value and specify the following details:

    • String Value: AZURE_AGENT_LOGIN_TEXT

    • In the Value data field, specify the message that should be displayed on the login screen.

  2. After the key is set on the agent, ensure that you log out and log in again from the device.

3.4.3 Customizing the Error Message Displayed in the ZENworks Agent Azure Login Screen

As a ZENworks administrator, you can customize the error message that is displayed in the Azure AD login screen when you select different users in ZENworks and Microsoft.

To customize, you can either add a registry key to the device or create a bundle with Action - Registry Edit and assign it to the required devices.

In the HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM path, create a new registry key with String Value and specify the following name:

  • String Value: AZURE_AGENT_ERROR_TEXT

  • In the Value data field, specify the message that should be displayed as an error message.

After the key is set on the agent, ensure that you log out and log in again from the device.

3.4.4 Disabling the Azure AD Login on Managed Devices

On a ZENworks agent, you have the option to disable logging into the device using Azure AD credentials.

At the zone, group, folder, or device level, the Azure AD login can be disabled by adding the DISABLE_AZURE_USER_LOGIN system variable.

Perform the following steps to disable the Azure AD login (at zone level):

  1. In ZCC, go to Configuration > Management Zone Settings > Device Management > System Variables.

  2. In the System Variables panel, click Add and specify the following:

    • Name: DISABLE_AZURE_USER_LOGIN

    • Value: true

    • Type: String

  3. Click Apply.

  4. Refresh the device.

    NOTE: The settings will be effective after logging out (Windows logout) and logging into the device.

3.4.5 Azure AD Login for Users Migrated from Other Domains (Hybrid AD)

When you create a user in the Azure portal, the domain name might be <your_name>.onmicrosoft.com or any custom domain name. However, when a user is migrated from an on-premises user source to Azure AD, the domain name is retained, and users might not be detected or might be unable to log in to the devices using Azure AD credentials.

To overcome this issue, as an administrator, create a new registry key with a string value and specify the following details:

  • Location: HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn

  • Registry key: AlternateAzureDomain

  • Registry key value: LDAP source name

Example: If the LDAP source name was RRTQAD, the same would be the value for this registry key.

IMPORTANT: The registry key should be set only on the Azure AD-joined device on which the migrated user logs in.
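
The registry settings from sections 3.4.2, 3.4.3 and 3.4.5 applied in one idempotent PowerShell pass, as an added example that is not part of the ZENworks documentation. The function name Set-ZcmStringValue, the $MigratedUserDevice switch and the two message texts are assumptions made for illustration; RRTQAD is the example LDAP source name used above.

```powershell
# Added example, not vendor code. Run elevated in a 64-bit PowerShell session;
# a 32-bit session redirects HKLM:\SOFTWARE writes to WOW6432Node.
function Set-ZcmStringValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Value
    )
    # Create the key (and any missing parents) only when it does not exist yet.
    if (-not (Test-Path -LiteralPath $Path)) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create registry key')) {
            New-Item -Path $Path -Force | Out-Null
        }
    }
    # Read the current value; $null when the key or the value is absent.
    $current = (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    $changed = $current -cne $Value
    if ($changed -and $PSCmdlet.ShouldProcess("$Path\$Name", 'Set string value')) {
        New-ItemProperty -LiteralPath $Path -Name $Name -Value $Value `
            -PropertyType String -Force | Out-Null
    }
    # Emit a record of what was found and what was wanted, for change logs.
    [pscustomobject]@{
        Path = $Path; Name = $Name; Previous = $current; Desired = $Value; Changed = $changed
    }
}

$zcm = 'HKLM:\SOFTWARE\Novell\ZCM'
# Hypothetical switch: set to $true only on an Azure AD-joined device on which
# a migrated (hybrid AD) user logs in, as section 3.4.5 requires.
$MigratedUserDevice = $false

$settings = @(
    # Message texts below are constructed samples.
    @{ Path = $zcm; Name = 'AZURE_AGENT_LOGIN_TEXT'
       Value = 'Sign in with your corporate Azure AD account.' }
    @{ Path = $zcm; Name = 'AZURE_AGENT_ERROR_TEXT'
       Value = 'The selected Microsoft account does not match the ZENworks user.' }
)
if ($MigratedUserDevice) {
    # Value is the LDAP source name; RRTQAD is the example from section 3.4.5.
    $settings += @{ Path = "$zcm\ZenLgn"; Name = 'AlternateAzureDomain'; Value = 'RRTQAD' }
}

foreach ($s in $settings) { Set-ZcmStringValue @s }
```

Run it with -WhatIf on the function calls to preview changes first. As stated in sections 3.4.2 and 3.4.3, log out and log in again on the device for the message values to take effect.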