Taking Control: A Guide to Disabling Entra Authentication in SCCM

In this comprehensive guide, we will show you how to disable Microsoft Entra Authentication in SCCM. We’ll walk you through the process step-by-step, providing clear explanations and potential considerations.

Therefore, here is a quick step guide to Disable Microsoft Entra Authentication in SCCM for Tenant:

  • Launch the SCCM console
  • Navigate to Cloud Services
  • Select Azure Services
  • Choose the Cloud Management Connection
  • Disable Entra Authentication
  • Save the Changes

Nevertheless, it’s important to note that this is just a brief overview. Consequently, we encourage you to read further to get the detailed steps, as this blog post will guide you through disabling Microsoft Entra Authentication in SCCM in a clear and easy-to-follow way.  

How to disable Microsoft Entra Authentication in SCCM for Tenant ?

Microsoft Entra authentication (formerly Azure AD) simplifies device communication within SCCM. However, there might be situations where you need to turn it off for a specific tenant.

Therefore, here’s a detailed breakdown on how to disable Microsoft Entra authentication in SCCM:

Prerequisites:

  • SCCM Console Access: Firstly, you’ll need administrative privileges to access the SCCM console.
  • SCCM Version: Secondly, this process applies to SCCM versions 2010 and later.

Also Check: How to create Automatic Deployment Rule in SCCM ?

Detailed Steps to disable Microsoft Entra Authentication in SCCM for Tenant:

  • Launch the SCCM Console: To begin with, open the System Center Configuration Manager console on your computer.
  • Navigate to Cloud Services: Next, in the left-hand pane, navigate to Administration > Cloud Services.
  • Select Azure Services: Then, under Cloud Services, expand the tree and select Azure Services.
  • Choose the Cloud Management Connection: After that, right-click on the connection of type Cloud Management that you want to modify. Select Properties.
  • Disable Entra Authentication:  Subsequently, switch to the Applications tab within the connection properties window. Locate the option “Disable Microsoft Entra authentication for this tenant” and check the box next to it.
  • Save the Changes: Finally, click Apply and then OK to save the configuration changes and close the properties window.

Also Check: How to install SCCM Configuration Manager ?

Important Notes

  • Propagation Time: Firstly, it can take up to 25 hours for the changes to propagate and take effect on client devices. Therefore, consider making this change during off-peak hours to minimize disruption.
  • Speeding Up Propagation (Optional): Additionally, for testing purposes, you can potentially expedite the process by restarting the following services:
  • SCCM Site Server: Restart the sms_executive service.
  • Client Machines: Restart the ccmexec service (also known as SMS Agent Host Service). Subsequently, you can then trigger a client schedule refresh on the machines to update the default management point.  

Conclusion

In conclusion, disabling Microsoft Entra Authentication in SCCM is a straightforward process that can be crucial for various reasons. By following the steps outlined in this guide, you can effectively manage your SCCM environment according to your specific needs.

Moreover, remember to consider the propagation time and potential impact on your system before making changes. While this process offers more control over your authentication methods, it’s essential to ensure that alternative security measures are in place.

Furthermore, as with any significant system change, it’s advisable to test in a controlled environment first.

Ultimately, whether you’re troubleshooting, transitioning, or simplifying your setup, this guide equips you with the knowledge to confidently disable Entra Authentication in SCCM when necessary.

Reference:

Frequently Asked Question’s (FAQ’s)

What are the authentication methods for SCCM ?

SCCM offers various authentication methods for client communication with the server. The most secure option is Microsoft Entra Authentication (formerly Azure AD), ideal for modern devices and user-centric scenarios. Alternatively, you can use PKI certificates for added security or Configuration Manager site-issued tokens for basic device-only authentication.

How to configure Microsoft Azure ?

Microsoft Azure offers a vast array of services. To get started, visit the Azure portal (https://azure.microsoft.com/en-us/get-started/azure-portal) and sign in with your Microsoft account. There, you can explore various services, create new resources (like virtual machines or storage), and configure settings based on your specific needs.

What is a configuration manager in Azure ?

Azure itself doesn’t have a built-in “configuration manager.” However, Azure integrates with Microsoft Endpoint Manager, which can manage configurations for various devices (Windows, macOS, mobile) enrolled in Azure AD. You can also use Azure App Configuration to manage settings for your Azure apps.


Content Writer

Smith Ron, the writer at Assistme360. He has extensive experience in crafting straightforward, step-by-step guides for technical issues. His broad knowledge ensures accurate solutions. Kindly spare a moment to drop a comment down and express your opinions. Your feedback can be valuable in assisting others who may come across similar problems.


Leave a Comment