Home

Windows 10 subscription activation with Office 365 using a 3rd party idp

%3CLINGO-SUB%20id%3D%22lingo-sub-390159%22%20slang%3D%22en-US%22%3EWindows%2010%20subscription%20activation%20with%20Office%20365%20using%20a%203rd%20party%20idp%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-390159%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EWe%20are%20looking%20to%20move%20our%20customers%20who%20have%20an%20on-prem%20AD%20over%20to%20using%20Microsoft%20365%20and%20using%20the%20Windows%2010%20enterprise%20subscription%20for%20activation%20where%20the%20M365%20users%20activate%20the%20enterprise%20licence.%20I%20have%20got%20this%20working%20in%20our%20simpler%20scenario%20using%20Azure%20AD%20Connect%20to%20hybrid%20join%20on-prem%20AD%20computers%20and%20users%20to%20the%20AAD%20and%20setting%20the%20user%20UPN%20as%20the%20on-prem%20ADs%20are%20non-routable%20domains.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20now%20trying%20to%20get%20the%20subscription%20activation%20to%20work%20with%20an%20Office%20365%20tenancy%20which%20is%20federated%20with%20our%20own%20identity%20provider%20(we%20are%20a%203rd%20party%20idp%20that%20works%20with%20Office%20365%20and%20AAD).%20I%20have%20tried%20with%20users%20created%20and%20sync'd%20in%20the%20AAD%20via%20our%20idp%20and%20they%20appear%20to%20be%20correct%20in%20the%20AAD%20but%20windows%2010%20doesn't%20activate%20when%20the%20user%20logs%20on.%20The%20on-prem%20AD%20users%20have%20the%20UPN%20set%20correctly%20and%20I%20have%20configured%20Azure%20AD%20Connect%20to%20only%20sync%20an%20OU%20with%20computers%20and%20not%20any%20of%20the%20users.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20have%20experience%20of%20doing%20this%20with%20any%203rd%20party%20Idps%3F%20Is%20it%20possible%20or%20are%20there%20things%20we%20need%20to%20change%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3ENigel%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-390159%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-552860%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%2010%20subscription%20activation%20with%20Office%20365%20using%20a%203rd%20party%20idp%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-552860%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20got%20this%20working%20now.%20There%20was%20a%20mis-configuration%20where%20the%20Active%20Directory%20SCP%20entry%20was%20left%20pointing%20to%20a%20previous%20Office%20365%20test%20domain%20so%20the%20computer%20was%20still%20Azure%20AD%20joined%20to%20this%20old%20Office%20365%20tenancy%20but%20Azure%20AD%20Connect%20had%20replicated%20it%20to%20the%20new%20Office%20365%20tenancy%20I%20was%20using%20and%20the%20computer%20showed%20up%20in%20there%20as%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20the%20computer%20it%20is%20a%20good%20idea%20to%20use%20dsregcmd%20%2Fstatus%20and%20check%20the%20tenancy%20ID%20that%20it%20is%20joined%20to%20if%20you%20are%20having%20issues%20and%20have%20been%20used%20different%20tenancies.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENigel%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-553576%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%2010%20subscription%20activation%20with%20Office%20365%20using%20a%203rd%20party%20idp%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-553576%22%20slang%3D%22en-US%22%3EOh!%20Classic%20%3Aface_with_tears_of_joy%3A%3C%2Fimg%3E%20glad%20you%20figured%20that%20out!%20I%20made%20this%20one%20also%20actually%20but%20figured%20it%20out%20rather%20quickly%20fortunately%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-563917%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%2010%20subscription%20activation%20with%20Office%20365%20using%20a%203rd%20party%20idp%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-563917%22%20slang%3D%22en-US%22%3E%3CP%3EYes%20classic!%20It%20was%20confusing%20as%20the%20computer%20appeared%20in%20the%20Azure%20AD%20for%20one%20tenancy%20while%20really%20being%20joined%20to%20a%20different%20tenancy.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENigel%3C%2FP%3E%3C%2FLINGO-BODY%3E
Nigel Archer
Occasional Contributor

Hi,

We are looking to move our customers who have an on-prem AD over to using Microsoft 365 and using the Windows 10 enterprise subscription for activation where the M365 users activate the enterprise licence. I have got this working in our simpler scenario using Azure AD Connect to hybrid join on-prem AD computers and users to the AAD and setting the user UPN as the on-prem ADs are non-routable domains. 

 

I am now trying to get the subscription activation to work with an Office 365 tenancy which is federated with our own identity provider (we are a 3rd party idp that works with Office 365 and AAD). I have tried with users created and sync'd in the AAD via our idp and they appear to be correct in the AAD but windows 10 doesn't activate when the user logs on. The on-prem AD users have the UPN set correctly and I have configured Azure AD Connect to only sync an OU with computers and not any of the users. 

 

Does anyone have experience of doing this with any 3rd party Idps? Is it possible or are there things we need to change? 

 

Thanks,

Nigel

3 Replies

We have got this working now. There was a mis-configuration where the Active Directory SCP entry was left pointing to a previous Office 365 test domain so the computer was still Azure AD joined to this old Office 365 tenancy but Azure AD Connect had replicated it to the new Office 365 tenancy I was using and the computer showed up in there as well.

 

On the computer it is a good idea to use dsregcmd /status and check the tenancy ID that it is joined to if you are having issues and have been used different tenancies. 

 

Nigel

Highlighted
Oh! Classic :face_with_tears_of_joy: glad you figured that out! I made this one also actually but figured it out rather quickly fortunately

Yes classic! It was confusing as the computer appeared in the Azure AD for one tenancy while really being joined to a different tenancy. 

 

Nigel

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies