Making hybrid identity simple with Azure AD Connect

As mentioned in my previous post, I’m in Redmond (WA) to join the Enterprise Mobility deep dive airlift. During my three-day stay I’ll listen, learn and get inspired by all the cool stuff Enterprise Mobility has to offer. On the first day we covered the hybrid identity part of EMS (Azure AD Connect and Azure AD Premium), which provided a lot of new insights and key takeaways.


Get in touch with the Microsoft Enterprise Mobility Suite ‘blackbelts’ and drop your feedback!


I’m very excited to have the opportunity to meet the product teams for Enterprise Mobility Suite (EMS) during a 4-day stay in Redmond (WA) next week! As my employer Inovativ is participating in the Red Carpet Program, we’re invited to join the Enterprise Mobility airlift. An airlift is an event which outlines new features being released in a new wave/product release. This airlift includes deep dive sessions on Azure AD Premium, Microsoft Intune and Azure RMS. As a Microsoft Partner we’ll be lined up with the latest technology and have the chance to discuss and provide feedback on the components involved with the Enterprise Mobility Suite.

Furthermore, I’m looking forward to meeting some community friends in person, like Mr. ‘IoT’ and ‘Enterprise Mobility’ Rob Tiffany. I let me assure that the coffee is ready at Satya’s office ;-)

So I challenge you to collect your best feedback and questions on Azure AD Premium, Microsoft Intune and Azure Rights Management and bring it on; I’ll forward them to the PGs! You can drop me a line by Twitter, Facebook or e-mail.


Assign Enterprise Mobility Suite licenses – Quick Reference Guide

Just dropping you a quick line on how to assign Enterprise Mobility Suite licenses to end users. This is a straightforward process with a one-stop shop!

1. Sign into the Azure Management Portal as the global administrator of the directory you wish to customize.
2. Click on Active Directory, and then select the directory where you want to assign licenses.
3. Select the Licenses tab, select Enterprise Mobility Suite, and then click Assign.


Part 3 – Deploy certificates to mobile devices using Microsoft Intune NDES – Deployment

In the first two blog posts I covered the theory of how certificate deployment to mobile devices works using the Microsoft Intune NDES connector, followed by setting up and configuring the connector.

In this third blog – part 3 – I’ll outline the deployment of both the Trusted CA Certificate profile and SCEP Certificate profiles to mobile devices.


Part 1 – Deploy certificates to mobile devices using Microsoft Intune NDES – Overview

With the recent updates of Microsoft Intune it is now possible to deploy certificate profiles to mobile devices using Network Device Enrollment Service (NDES).

In this blog series I’ll cover the different aspects of the certificate enrollment process using Microsoft Intune (standalone).

Overview

Before going into details about NDES, here is a brief overview of how the NDES process works in relation to Microsoft Intune.

Microsoft Intune Standalone NDES


Use Alternate Login ID implementing Enterprise Mobility Suite in a Multi-Forest scenario

Last week I came across a scenario where the Alternate Login ID feature of Active Directory Federation Services (AD FS) was at its best.

Scenario

As part of an Enterprise Mobility Suite (EMS) implementation we faced a challenge. In this scenario the customer has a multi-forest (fictitious contoso.local & adatum.local) AD structure with a two-way forest trust relationship. The user resources are currently located in the fabrikam.local (blue) domain, whereas all server resources, including AD FS, are part of the contoso.local (grey) domain.

ADFS cross forest Microsoft Intune Infrastructure

As fabrikam.com is the public domain namespace used, we added a UPN suffix for the fabrikam.local domain to make sure the user objects synced from the on-premises Active Directory – by Azure Active Directory Sync – match the public User Principal Name (UPN) domain namespace.


Update: Hotfix solves issue publishing Network Device Enrollment Service (NDES) through Web Application Proxy (WAP) KB30137609

UPDATE! A quick note that you no longer have to contact support: the fix is available in the December Windows Update. Just install the latest Windows Update on your Windows Server 2012 R2 and you should be good to go. December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: http://support.microsoft.com/kb/3013769

UPDATE! A private hotfix (for now) is available that fixes URL length issues with Web Application Proxy (applicable for NDES deployments): KB523052. This hotfix can be requested through a PSS case. For more details click here.

Those who are using Web Application Proxy (WAP) and intend to publish, or have already published, Network Device Enrollment Service (NDES) might have noticed that this isn’t working, even when pass-through preauthentication is configured. This post goes into detail on how NDES works, including a brief explanation of the issue.

The Network Device Enrollment Service (NDES) allows mobile devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP). The user certificates can be used to manage access to company resources (e-mail, Wi-Fi and VPN profiles) instead of a user name and password. This existing technique has recently been emphatically re-evaluated for use in mobile device management in relation to BYOD scenarios.
