New version of Azure MFA Server available (7.0.0)

image

For those who are using Azure Multi-Factor Authentication Server (on-premises) hereby a quick post to inform you there is a new version of Azure MFA Server available. The new version of Azure MFA Server (7.0.0.9) can be downloaded through the Azure Management Portal or MFA Management Portal.

Continue reading “New version of Azure MFA Server available (7.0.0)”

Use Custom Attributes for automatically populate Azure AD Dynamic Group Memberships

March this year the Active Directory team announced Attribute Based Dynamic Group Membership for Azure AD. Until then, group membership was a manual thing that had to be done for each user. With this feature you can specify a rule on an Azure AD security group that will automatically manage the membership of that group based on user’s attribute values. Dynamic Group Membership is supporting by default a subset of user attributes which can be used.

image

But what if you use in your organization custom attributes for various applications-, business- and provisioning processes? In this blog post we go further and will explain how to use custom AD attributes, extend your Azure AD tenant and use these custom attributes to automatically populating a security group.

Continue reading “Use Custom Attributes for automatically populate Azure AD Dynamic Group Memberships”

Integrate your Microsoft Intune device enrollment with Azure AD!

May this year Microsoft announced a new capability of automatically enroll devices in Microsoft Intune as part of joining devices in to Azure AD (Premium). By joining a Windows 10 device to Azure AD it is extremely easy for end users to get the benefits of single sign-on, OS state roaming, and management capabilities.

image

This will work with both Microsoft Intune and with 3rd party MDM solutions. In this blog post I’ll show you how ease and transparent this process is and how powerful the integration is of Microsoft Online Services and Windows 10!

Continue reading “Integrate your Microsoft Intune device enrollment with Azure AD!”

How Azure AD Premium & Office 365 improves Collaboration

So you’ve always wondered what it takes to improve both collaboration and business processes in your organization, which results in employees being more productive? Do I’ve your attention…read on!

With Microsoft Azure and Office 365, Microsoft offers you a (cloud) platform with a huge potential to optimize and boost your business. In this blog I’ll illustrate this with a simple example of how you can use these cloud services to improve collaboration within your organization.

Coming together is a beginning; keeping together is a progress; working together is a success.

Continue reading “How Azure AD Premium & Office 365 improves Collaboration”

Azure AD Premium Public Preview Features…a closer look

image

Microsoft is continuously improving their Azure cloud services while new features get introduced in rapid pace. In this blog I want to consider some new Azure Active Directory Premium features which are currently in public preview. ’These features are:

  • Dynamic Groups
  • Azure Application Custom Domain publishing
  • Azure Conditional Application Access

Continue reading “Azure AD Premium Public Preview Features…a closer look”

Assign EMS licenses based on Local Active Directory Group Membership

 

 

As all roads lead to Rome there are many ways to assign Enterprise Mobility Suite (EMS) licenses to end-users. This can be a manual process or automated by using PowerShell. Both options have in common that you must be a global administrator of your Azure subscription to assign these licenses.

The majority of the available public resources and publications describes the (manual) process bassed on per user- or group assignment through the Azure Management Portal. Downside of assigning EMS licenses through the Azure Management Portal or by PowerShell is that you must be a member of the global administrator user role. A right you want to keep to a limited number of accounts, further these accounts are often not responsible for such tasks as assigning licenses.

Continue reading “Assign EMS licenses based on Local Active Directory Group Membership”

Name Suffix Routing into the rescue publishing Non-Claims-Aware application using Kerberos Constrained Delegation

Last week I faced a challenge publishing non-claims-aware application (SharePoint 2013) using Kerberos Constrained Delegation (KCD) by Web Application Proxy (WAP).

ADFS cross forest Mirosoft Intune Infrastructure

The customer environment consists of a multi-forest active directory where user accounts and server objects each stored in a separate forest. Due to the introduction of Microsoft Enterprise Mobility Suite (EMS) we added a public User Principal Name (UPN) which was required to log on using a public domain namespace.

Continue reading “Name Suffix Routing into the rescue publishing Non-Claims-Aware application using Kerberos Constrained Delegation”

Making hybrid identity simple with Azure AD Connect

As mentioned in my previous post I’m in Redmond (WA) to join the Enterprise Mobility deep dive airlift. During my three-day stay I’ll listen, learn and getting inspired of all cool stuff Enterprise Mobility has to offer. On the first day we covered the hybrid identity part of EMS which means – Azure AD Connect, Azure AD Premium – which provided a lot of new insights and key takeaways.

image

Continue reading “Making hybrid identity simple with Azure AD Connect”

Use Alternate Login ID implementing Enterprise Mobility Suite in a Multi-Forest scenario

Last week I came across a scenario where Alternate Login ID feature of Active Directory Federation Services (AD FS) came at its best.

Scenario

Part of an Enterprise Mobility Suite (EMS) implementation we were facing a challange to overcome. In this scenario the customer has multi-forest (fictive contoso.local & adatum.local) AD structure with a two-way forest trust relationship. The user resources are currently located in te frabrikam.local (blue) where all server resources are part of the contoso.local (grey) domain including AD FS.

ADFS cross forest Mirosoft Intune Infrastructure

As fabrikam.com is the public domain namespace used, we added a UPN suffix for the fabrikam.local domain to make sure the user objects synced from the on-premise Active Directory – by Azure Active Directory Sync – matches the public User Principal Name (UPN) domain namespace.

Continue reading “Use Alternate Login ID implementing Enterprise Mobility Suite in a Multi-Forest scenario”

Troubleshooting: Federation for Windows Intune

During a Windows Intune proof of concept (PoC) I was facing some issues configuring federation in order to enable Signle Sign On (SSO).

Proxy Authentication

When configuring federation we couldn’t convert the the default domain to a federated domain type. By using the –Verbose –Debug parameters of convert –MsolDomainToFederated cmdlet the root cause became clear. Proxy Authentication was required and therefore we couldn’t convert the domain. One down two to go!

clip_image001_thumb[3] Continue reading “Troubleshooting: Federation for Windows Intune”