Intune with G suite
Dman74 I'm not aware of a migration path from G Suite to Intune. Are the devices being managed by Google Workspace MDM? If so, the only route I know of is unenrollment/wipe from Google Workspace MDM and enroll with Intune.
However, you will need to have licensed users in Azure AD. Depending on the features you need, the license requirements may be different. See https://docs.microsoft.com/en-us/mem/intune/fundamentals/licenses#microsoft-intune for more info on licenses.
Also have a look at https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial if you didn't already.
- Oktay Sari, Jun 01, 2022, Iron Contributor
Dman74 yep, it's about the identity part. If the user accounts don't exist in Azure, you cannot assign licenses and therefore also cannot MDM enroll devices.
The SSO integration enables you to do a couple of things (copy/paste):
- Control in Azure AD who has access to Google Cloud / G Suite Connector by Microsoft.
- Enable your users to be automatically signed-in to Google Cloud / G Suite Connector by Microsoft with their Azure AD accounts.
- Manage your accounts in one central location - the Azure portal.
So the SSO simply enables Azure AD users to do SSO when signing in to Google with an Azure account. From what I understand reading https://cloud.google.com/architecture/identity/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on, it seems to me that you will have to create user accounts in Azure and map them with accounts in Google Workspace (by email address or by UPN).
I would test this in a test tenant to make sure it works like you want.
Hope this helps.
- Dman74, Jun 06, 2022, Copper Contributor
Thanks bud. So just to confirm, at the very least the G Suite users will need accounts set up from new in Azure AD, irrespective of whether I add SSO capability?
- Dman74, Jun 06, 2022, Copper Contributor
As I have a G Suite user that's been invited, so appearing in Azure AD as a guest. I've also applied the relevant license but I can't enrol to Intune with their @gmail.com as it says I can't enrol with a personal account.