For those who are using Azure Multi-Factor Authentication Server (on-premises) hereby a quick post to inform you there is a new version of Azure MFA Server available. The new version of Azure MFA Server (184.108.40.206) can be downloaded through the Azure Management Portal or MFA Management Portal.
March this year the Active Directory team announced Attribute Based Dynamic Group Membership for Azure AD. Until then, group membership was a manual thing that had to be done for each user. With this feature you can specify a rule on an Azure AD security group that will automatically manage the membership of that group based on user’s attribute values. Dynamic Group Membership is supporting by default a subset of user attributes which can be used.
But what if you use in your organization custom attributes for various applications-, business- and provisioning processes? In this blog post we go further and will explain how to use custom AD attributes, extend your Azure AD tenant and use these custom attributes to automatically populating a security group.
May this year Microsoft announced a new capability of automatically enroll devices in Microsoft Intune as part of joining devices in to Azure AD (Premium). By joining a Windows 10 device to Azure AD it is extremely easy for end users to get the benefits of single sign-on, OS state roaming, and management capabilities.
This will work with both Microsoft Intune and with 3rd party MDM solutions. In this blog post I’ll show you how ease and transparent this process is and how powerful the integration is of Microsoft Online Services and Windows 10!
So you’ve always wondered what it takes to improve both collaboration and business processes in your organization, which results in employees being more productive? Do I’ve your attention…read on!
With Microsoft Azure and Office 365, Microsoft offers you a (cloud) platform with a huge potential to optimize and boost your business. In this blog I’ll illustrate this with a simple example of how you can use these cloud services to improve collaboration within your organization.
Coming together is a beginning; keeping together is a progress; working together is a success.
Microsoft is continuously improving their Azure cloud services while new features get introduced in rapid pace. In this blog I want to consider some new Azure Active Directory Premium features which are currently in public preview. ’These features are:
- Dynamic Groups
- Azure Application Custom Domain publishing
- Azure Conditional Application Access
As all roads lead to Rome there are many ways to assign Enterprise Mobility Suite (EMS) licenses to end-users. This can be a manual process or automated by using PowerShell. Both options have in common that you must be a global administrator of your Azure subscription to assign these licenses.
- How to assign EMS/Azure AD Premium licenses to user accounts
- How to use PowerShell to assign EMS/Azure AD Premium licenses
- Simplified License Assignment with Azure AD and EMS
- How to assign EMS licenses using the Azure Portal
The majority of the available public resources and publications describes the (manual) process bassed on per user- or group assignment through the Azure Management Portal. Downside of assigning EMS licenses through the Azure Management Portal or by PowerShell is that you must be a member of the global administrator user role. A right you want to keep to a limited number of accounts, further these accounts are often not responsible for such tasks as assigning licenses.
Last week I faced a challenge publishing non-claims-aware application (SharePoint 2013) using Kerberos Constrained Delegation (KCD) by Web Application Proxy (WAP).
The customer environment consists of a multi-forest active directory where user accounts and server objects each stored in a separate forest. Due to the introduction of Microsoft Enterprise Mobility Suite (EMS) we added a public User Principal Name (UPN) which was required to log on using a public domain namespace.
As mentioned in my previous post I’m in Redmond (WA) to join the Enterprise Mobility deep dive airlift. During my three-day stay I’ll listen, learn and getting inspired of all cool stuff Enterprise Mobility has to offer. On the first day we covered the hybrid identity part of EMS which means – Azure AD Connect, Azure AD Premium – which provided a lot of new insights and key takeaways.
Last week I came across a scenario where Alternate Login ID feature of Active Directory Federation Services (AD FS) came at its best.
Part of an Enterprise Mobility Suite (EMS) implementation we were facing a challange to overcome. In this scenario the customer has multi-forest (fictive contoso.local & adatum.local) AD structure with a two-way forest trust relationship. The user resources are currently located in te frabrikam.local (blue) where all server resources are part of the contoso.local (grey) domain including AD FS.
As fabrikam.com is the public domain namespace used, we added a UPN suffix for the fabrikam.local domain to make sure the user objects synced from the on-premise Active Directory – by Azure Active Directory Sync – matches the public User Principal Name (UPN) domain namespace.
During a Windows Intune proof of concept (PoC) I was facing some issues configuring federation in order to enable Signle Sign On (SSO).
When configuring federation we couldn’t convert the the default domain to a federated domain type. By using the –Verbose –Debug parameters of convert –MsolDomainToFederated cmdlet the root cause became clear. Proxy Authentication was required and therefore we couldn’t convert the domain. One down two to go!