Windows MDM setup issue with custom domain
What
When configuring FileWave's Windows MDM integration with Microsoft Entra AD, and the On-premises MDM application is added to the Microsoft Entra tenant, attempting to add the URL of the FileWave server to the Expose an API blade results in an error message stating:
"Failed to update Application ID URI application property. Error detail: The Application ID URI must be from a verified domain within your organization’s directory."
When/Why
Microsoft instituted a breaking change in Microsoft Entra on 10/15/2021 to require the use of verified domains in all apps. See https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains for more information.
This change impacts customers using the On-premises MDM app from Microsoft in that the configuration of that app requires the URL of the FileWave server to be added to the Expose an API blade of the app. Previously, a FileWave SaaS environment, such as filewave.net could be added to the configuration. With this change, it is not possible to add an unverified domain.
Customer environments using the On-premises MDM app from Microsoft who had Microsoft Entra configured prior to the breaking change can continue to use that configuration as long as they do not attempt to change the URI on the Expose an API blade. Any new customer environments attempting to use the On-premises MDM app will not be able to use that app to integrate a FileWave SaaS tenant that has a filewave.net domain name with Microsoft Entra AD.
How
For customers who have a FileWave environment that is using a domain name of your own, you can continue to use the On-premises MDM app, but you need to verify ownership of your domain through Microsoft. The process for verifying ownership of a custom domain is documented at:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
Customers who are on a FileWave SaaS tenant that currently uses a filewave.net domain name, and did not setup Windows MDM prior to 10/15/2021 would need to migrate to a server that uses a domain name that you can control so that it can be added to your Microsoft Entra tenant.