Starting with version 2010, you can disable Microsoft Entra authentication in SCCM for tenants that are not associated with users or devices. If you aren’t using Microsoft Entra ID for co-management, you can disable it in SCCM.
Microsoft Entra ID allows you to link your users, devices, and applications across both cloud and on-premises environments. When you connect Configuration Manager to Microsoft Entra ID, the site and clients can use modern authentication.
By default, Microsoft Entra device authentication is enabled for all onboarded tenants, regardless of whether they have devices. If there aren’t any SCCM users or devices associated with the tenant, you can disable Microsoft Entra authentication.
Disable Microsoft Entra Authentication in SCCM for Tenant
Launch the Configuration Manager console. Go to Administration > Cloud Services and select the Azure Services node. Select the target connection of type Cloud Management. In the ribbon, select Properties.
On the Cloud Management Properties window, switch to the Applications tab. Select the option “Disable Microsoft Entra authentication for this tenant.” Click Apply and OK to save and close the connection properties.
After disabling the MS Entra authentication in Configuration Manager, it can take up to 25 hours for this change to take effect on clients. It is therefore recommended to make this change during the weekends to ensure it doesn’t affect clients during business hours.
To speed up this change in behavior, use the following steps:
- Restart the sms_executive service on the site server.
- Restart the ccmexec service on the client.
- Trigger the client schedule to refresh the default management point. For example, use the send schedule tool: SendSchedule {00000000-0000-0000-0000-000000000023}
Still Need Help?
If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.