Dman74
Copper Contributor
Jun 01, 2022

Intune with G suite

Hi all,

I have a G Suite house that wants to use Intune as their MDM solution for mobiles. What would be the process here? Would I stand up a new Intune tenancy and simply invite them as users in Azure AD/Intune so they still use their existing G Suite creds and license accordingly, or do I need to run the G Suite MS connector for SSO?

Thanks all

  • Oktay Sari
    Iron Contributor

    Dman74 I'm not aware of a migration path from G Suite to Intune. Are the devices being managed by Google Workspace MDM? If so, the only route I know of is unenrollment/wipe from Google Workspace MDM and enroll with Intune.

     

    However, you will need to have licensed users in Azure AD. Depending on the features you need, the license requirements may be different. See this doc for more info on licenses.

     

    Also have a look at Azure AD SSO integration with Google if you didn't already.

     

    • Dman74
      Copper Contributor
      Thank you @oktay, the users are currently unmanaged so no MDM in place at all, hence the reason for using Intune. I guess it's more around the identity piece: if they don't exist in Azure AD and only use G Suite, how would that work? It is just a case of using the Azure AD SSO integration as you rightly posted and happy days... they use their normal G Suite creds but appear as members in Intune, not guests?
      • Oktay Sari
        Iron Contributor

        Dman74 yep, it's about the identity part. If the user accounts don't exist in Azure, you cannot assign licenses and therefore also cannot MDM enroll devices.

         

        The SSO integration enables you to do a couple of things (copy/paste):

        • Control in Azure AD who has access to Google Cloud / G Suite Connector by Microsoft.
        • Enable your users to be automatically signed-in to Google Cloud / G Suite Connector by Microsoft with their Azure AD accounts.
        • Manage your accounts in one central location - the Azure portal.

        So the SSO simply enables Azure AD users to do SSO when signing in to Google with an Azure account. From what I understand reading the documentation at Google, it seems to me that you will have to create user accounts in Azure and map them with accounts in Google Workspace (by email address or by UPN).

         

        I would test this in a test tenant to make sure it works like you want. 

         

        Hope this helps.
