Connect
Ask Community
Ask the community
Ask Community

Microsoft entra ID not syncing users to hexnodeSolved

Profile photo of boris
boris
Participant
Discussion
Hexnode UEM
7 months ago Jul 12, 2025

We’re currently syncing users from Microsoft entra ID into hexnode, and while the integration appeared to work during initial testing, newly created users are no longer being added. 

There are no visible errors or warnings in either console, which makes troubleshooting difficult. During testing, we also seem to have reached the sync limit, so additional attempts have not produced any change. 

At this point, we suspect this may be related to permission or consent configuration on the Entra ID side. Is there a recommended way to trigger a full or clean re-sync, and are there any common consent or configuration issues that typically cause new users to stop syncing into Hexnode? 

Any guidance would be appreciated. 

topic view count 21 Views

Tags

Microsoft Entra ID (6)
Reply

Replies (1)

Marked SolutionPending Review
Profile photo of edenpierce Hexnode Expert image
edenpierce
Hexnode Expert
7 months ago Jul 12, 2025
Marked SolutionPending Review

Hi @boris,

Thank you for reaching out.

I understand why this can be confusing, especially since the sync process itself does not always surface clear error messages.

In most scenarios where newly, created users are not added to Hexnode, the issue is related to consent permissions configured in Microsoft Entra ID rather than the synchronization mechanism itself.

For Microsoft Entra ID users to successfully sync and enroll their devices in Hexnode UEM, the Hexnode Azure Directory Services integration requires the following consent permissions:

  • profile – View users’ basic profile
  • offline_access – Maintain access to granted data
  • email – View users’ email address
  • openid – Sign users in
  • User.ReadBasic.All – Sign in and read user profile

If the Microsoft Entra ID administrator has configured User consent settings to “Do not allow user consent”, users will be unable to grant these required permissions during enrollment. In such cases, admin consent is mandatory, and users without administrative privileges will fail to enroll or sync into Hexnode, even though the directory integration may appear to be configured correctly.

To resolve this, please review the following setting:

  • Microsoft Entra ID > Enterprise applications > Consent and permissions

Configure User consent to one of the following options:

  • Allow user consent for apps, or
  • Allow user consent for apps from verified publishers, for selected permissions 

If the “Allow user consent for apps from verified publishers, for selected permissions” option is selected, additional configuration is required. The administrator must explicitly enable the necessary permissions so that users are allowed to consent on behalf of the organization.

To do this:

  1. Navigate to Microsoft Entra ID > Enterprise applications > Consent and permissions > Permission classifications (preview).
  2. Select + Add permissions.
  3. Choose Microsoft APIs > Microsoft Graph.
  4. Enable the required permissions listed above.

Once the appropriate consent permissions are configured, user synchronization and enrollment should proceed as expected without requiring further changes on the Hexnode side.

Please feel free to reach out if you have any additional questions or need further clarification.

Best regards,
Eden Pierce
Hexnode

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
1775 pts
Profile photo of timo-liam Veteran image
timo-liam
1200 pts
Profile photo of leo_scott Novice image
leo_scott
1162 pts
Profile photo of boris Veteran image
boris
1079 pts
Profile photo of remi Veteran image
remi
1075 pts
View all

Popular Tags

ABM (47)
Android (432)
iOS (346)
macOS (449)
Windows (310)
Apple TV (30)
App Management (332)
Enrollment (96)
Location (27)
Kiosk (207)
Scripts (87)
ADE (45)
OS Updates (77)
Android Enterprise (126)
View all