cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Adding AAD integration for a subset of users

mytechnerdca
Copper Contributor

‎May 25 2023 11:28 AM

‎May 25 2023 11:28 AM

Adding AAD integration for a subset of users

Hi,

 

I hope I'm posting in the right place. I wasn't even sure what to search for, so I'll give a detailed explanation.

 

I recently took over a client directly I've been doing onsite support for through a subcontract for many years (the other provider's business has evolved and smaller clients no longer fit with their business).

 

They had an on-prem Windows 2016 Standard DC. Unfortunately, as the internal discussions about transitioning smaller client's to my business were going on, the client suffered a ransomware attack. I've cleaned that up, client is operational, however, I chose not to rebuild the DC, so they are currently not running with a DC. For less than 10 PCs, this isn't a problem for me.

 

The do have M365 email provided through the New York franchise of the company (I support only the Toronto franchise, separate corporate entities). So I don't have direct control of their domain, DNS, or M365/Azure services. Their M365 accounts, and thus Azure Active Directory are part of the New York offices responsibility and control. I can work with this for most issues. However, I'm looking at setting the client up with JumpCloud and would like to sync to Azure Active Directory, however, I'm not sure how this would work.

 

Ideally, their users would be grouped separately in AAD from the New York and other city franchises and I could be given an admin account with only access to these accounts and other appropriate permissions, and then could integrate some/most 3rd party services including JumpCloud. This would allow the proper integration and prevent JumpCloud from seeing other users and only see the Toronto users. I don't even know if this is possible, even in some way. I believe that, as long as the work required to set this up is minimal, the New York IT team will work with me to set this up. I don't even need M365/AAD admin rights after initial setup and integration probably to be honest.

 

It would be possible to set up a subdomain (say tor.example.com) and assign the Toronto users aliases with this subdomain (but with the apex domain remaining the primary ID), if this facilitates the above need.

 

Separating the M365 tenants likely isn't possible (or would get quite complicated) because of the need to use the existing domain name.

 

 

Hopefully I've give enough detail and asked the right questions.

Any and all suggestions and help is much appreciated.

 

thanks in advance,

Daniel

27.6K Views
0 Likes
1 Reply
Reply
1 Reply
Kidd_Ip

‎May 26 2023 08:26 PM

‎May 26 2023 08:26 PM

Re: Adding AAD integration for a subset of users

@mytechnerdca 

May I know you would like to handle in Email Domain or AD Domain level?

0 Likes
Reply