Skip to main content

Windows MDM setup issue with custom domain

What

When configuring FileWave's Windows MDM integration with Azure AD, and the On-premises MDM application is added to the Azure tenant, attempting to add the URL of the FileWave server to the Expose an API blade results in an error message stating:

"Failed to update Application ID URI application property. Error detail: The Application ID URI must be from a verified domain within your organization’s directory."

When/Why

Microsoft instituted a breaking change in Azure on 10/15/2021 to require the use of verified domains in all apps. See https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains for more information.

This change impacts customers using the On-premises MDM app from Microsoft in that the configuration of that app requires the URL of the FileWave server to be added to the Expose an API blade of the app. Previously, a FileWave SaaS environment, such as filewave.net could be added to the configuration. With this change, it is not possible to add an unverified domain.

Customer environments using the On-premises MDM app from Microsoft who had Azure configured prior to the breaking change can continue to use that configuration as long as they do not attempt to change the URI on the Expose an API blade.  Any new customer environments attempting to use the On-premises MDM app will not be able to use that app to integrate a FileWave SaaS tenant that has a filewave.net domain name with Azure AD.

How

For customers who have a FileWave environment that is using a domain name of your own, you can continue to use the On-premises MDM app, but you need to verify ownership of your domain through Microsoft.  The process for verifying ownership of a custom domain is documented at:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain 

Customers who are on a FileWave SaaS tenant that currently uses a filewave.net domain name, and did not setup Windows MDM prior to 10/15/2021 would need to migrate to a server that uses a domain name that you can control so that it can be added to your Azure tenant.