Cloud Only account accessing Configmgr information for devices

Brass Contributor

In our current configuration, we separate our on-prem management and our cloud management accounts.  We have come across an issue with Endpoint Manager when we access any info that comes from ConfigMgr (Timeline, Collections, CMPivot, ect ect) due to a 401 error.

 

The reason why this happens is that our username@company.onmicrosoft.com does not have access to this data on-premise.  You need to grant a local account, username@company.com, access to pull this info.

 

I have tested that if our onprem account is granted access to endpoint manager, they can pull the information but I really do not want to have to train my team that you use your onmicrosoft.com for everything cloud, and then use your local account for Endpoint Manager.

 

Is there any way around this?

2 Replies
Hi,

You can’t use separate account for these functionnalities. It’s a prereq to use the same account for Configuration Manager and Admin Center.

https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/troubleshoot-cmpivot#bkmk_noinfo
Which is a poor design IMO, if you separate your accounts for security purposes. I was aware of the limitation, was wondering if anyone was able to overcome it.