When it comes to Azure AD integration within Workspace ONE UEM. The configuration is quite straight forward, however when we work on complex environment with a lot of different Active Directory, it can become complex as the source Anchor is going to change most of the time from objectGUID to mS-DS-ConsistencyGuid, which is also the best practice from Microsoft. If you are in this case, most likely the mS-DS-ConsistencyGuid won’t equal the objectGUID that why it is important to configure it properly.
To check the immutable ID/Source Anchor in Azure AD, check this post : How to check the Immutable ID/Source Anchor
Configure Azure AD Integration in Workspace ONE UEM
The configuration of the Azure integration have to be done at the same level as the Active Directory configuration.
1 – Open Workspace ONE UEM console, go to Groups & Settings then All Settings
2 – Navigate to System > Enterprise Integration > Directory Services
3 – Put Use Azure AD For Identity Services to Enabled
4 – Enter the Directory ID and Tenant Name. These informations are available in the Azure portal.
5 – In Immutable ID Mapping Attribute field put mS-DS-ConsistencyGuid, (case sensitive)
6 – Make sure that Mapping Attribute Data Type is at Binary
7 – Optional, this will force a sync now instead of waiting for the next Directory Sync, go to User tab, click on Advanced
8 – Scroll all the way down then click Sync Attributes
You won’t see the Immutable ID attribute within the console, it’s in the database, there is no access to it. If you really want to make sure, you can use the custom attributes to display it but as the attribute is in Binary, it will display weird characters.