Integrating Microsoft Entra ID with LDO

Integrating Microsoft Entra ID with LDO


  1. Navigate to the Microsoft Azure Portal.
  2. Proceed to Microsoft Entra ID > App registrations and select New registration.
  3. Register a new application. Securely note the following generated values:
    1. Application (client) ID
    2. Directory (tenant) ID
  4. Generate a Client Secret for authentication.
  5. Configure a Redirect URI (platform: Web) as provided by Lenovo.
  6. Grant the necessary Microsoft Graph API permissions (e.g., DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All) to the application and grant admin consent.

Configure the Microsoft Intune Connector in LDO

  1. In the LDO console, navigate to Policy Management > Feature Settings > Connectors.
  2. Locate and select Manage Connector for Microsoft Intune.
  3. In the configuration pane, enter the following credentials:
    1. Directory ID (Tenant ID)
    2. Application ID (Client ID)
    3. Client Secret
  4. Select Connect to establish the integration.

Synchronize Microsoft Intune Groups

  1. From either Policy Management or Device Management in LDO, select the option to Sync Intune Groups.
  2. A list of available groups from Intune will be displayed (up to 100 groups).
  3. Select the desired groups and initiate synchronization.
Alert
This process creates the group structure within LDO but does not synchronize individual member details.

Enroll and Configure Devices in Microsoft Intune

  1. Ensure the Company Portal app is installed on the target Windows devices.
  2. Instruct users to sign into the Company Portal with their corporate credentials and complete the enrollment process.
  3. Verify that the devices appear as successfully enrolled in the Microsoft Intune admin center. Please allow up to 30 minutes for the enrollment status to propagate.

Deploy the Lenovo UDC Provisioning Pack via Intune

  1. Within the Lenovo Device Orchestration portal, download the UDC provisioning pack (organization-setup.intunewin).
  2. In the Microsoft Intune admin center, add a new Windows app of the Win32 type.
  3. Upload the organization-setup.intunewin file.
  4. Configure the installation settings:
    1. Install command: install.cmd
    2. Uninstall command: uninstall.cmd
  5. Configure the detection rules to ensure accurate installation reporting. Assign the application to the required device groups.

Onboard Devices to Lenovo Device Orchestration

  1. In the Lenovo Device Orchestration portal, navigate to the device onboarding section.
  2. Enter the App ID from the relevant Intune application deployment.
  3. Select the target devices for onboarding.
  4. The device status will initially appear as Pending. Once the UDC provisioning pack is successfully installed and registers with the LDO service, the status will change to Onboarded.
Notes
  1. Provisioning Pack Validity: The generated Lenovo UDC provisioning pack is currently valid for 24 hours. This duration is subject to change in future releases.
  2. Synchronization Timing: Synchronization of data between Microsoft Intune and Lenovo Device Orchestration typically occurs within 10 to 30 minutes. In larger environments, this process may take longer.
  3. Pre-claimed Devices: Devices that were already claimed directly in Lenovo Device Orchestration prior to their enrollment in Microsoft Intune may not onboard successfully through this process. It is recommended to use a unified enrollment path.

    • Related Articles

    • Configuring Entra ID for LDO SSO

      This guide explains how to migrate Lenovo Device Orchestration (LDO) to Microsoft Entra ID. This process involves setting up a new app in Microsoft Entra, collecting necessary configuration data, and updating the authentication settings in LDO. ...

    • Migrating LDO to Microsoft Entra

      This guide explains how to migrate Lenovo Device Orchestration (LDO) to Microsoft Entra ID. This process involves setting up a new app in Microsoft Entra, collecting necessary configuration data, and updating the authentication settings in LDO. ...

    • LDO DEX (SysTrack)

      Lenovo Device Orchestration can be bundled with various Digital Experience Management (DEX) solutions. Currently, LDO supports integration with SysTrack by Lakeside Software. Integrations with SysTrack The LDO DEX (SysTrack) bundled solution includes ...

    • Deploying Lenovo Device Orchestration Agent in Intune

      This article provides instructions for creating an Intune application to deploy the Lenovo Device Orchestration Agent. Download the LDO Agent and set the expiry date of the agent. In the LDO console, go to Device Management > Devices. Click on the ...

    • Setting Up LDO ServiceNow Integration

      Prerequisites Before configuring the integration between LDO and ServiceNow, ensure the following prerequisites are met to establish proper synchronization: Terminology Alignment In LDO, a physical device (such as a laptop, desktop, or server) is ...