Secure your SaaS & On-premises applications with Azure AD Conditional Access

Last week Microsoft announced the public preview of Azure AD Conditional Access to protect Azure AD SaaS applications based on device-based policy rules. Conditional Access (CA) is already available for a quite long time for those who are using Microsoft Intune, but was scoped to Microsoft cloud services such as Dynamics CRM Online, Exchange Online, Exchange on-premises, SharePoint Online and Skype for Business Online.

With the introduction of CA for Azure AD SaaS applications it’s a great step forwards raising the security bar in a mobile first cloud first world securing your SaaS applications and how they being accessed.


In this blog I will not elaborate the detailed operation of CA but will show you how easily it is to configure and apply Azure AD Conditional Access for an on-premise web application which we have published by Azure AD Proxy. Continue reading “Secure your SaaS & On-premises applications with Azure AD Conditional Access”

Updated Microsoft Intune On-premises Connector for On-premises or Hosted Exchange

image

For those who are using On-Premises Exchange or Hosted Exchange with Microsoft Intune (standalone) hereby a quick post to inform you the Microsoft Intune Exchange connector (5.0.6175.0) has been updated last month (March 2016). At time of writing no release notes were available what has been addressed with the updated connector.

Continue reading “Updated Microsoft Intune On-premises Connector for On-premises or Hosted Exchange”

Updated: Exchange Connector permissions changed in Configuration Manager Current Branch (1511 and higher)

Exchange Connector Current Branch

Note! Updated with additional permissions (Get-Mailbox) 04/28/2016

During a Configuration Manager Current Branch (1511) implementation I bumped into an issue configuring the Exchange Connector. After configuring the Exchange Connector, devices which are connected by Exchange were not successfully discovered and therefore not appearing in the admin console.

Continue reading “Updated: Exchange Connector permissions changed in Configuration Manager Current Branch (1511 and higher)”

Update: Hotfix solves issue publishing Network Device Enrollement Service (NDES) through Web Application Proxy (WAP) KB30137609

UPDATE! Hereby a quick note that you no longer have to contact support, it’s available in the in the December Windows Update. Just install the latest Windows Update on your Windows Server 2012 R2 and you should be good to go. December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 http://support.microsoft.com/kb/3013769

UPDATE! A private hofix (for now) is available that fixes URL length issues with Windows Application Proxy (applicable for NDES deployments) KB523052. This hotfix can be requested through a PSS case. For more details click here.

For those who are using Web Application Proxy (WAP) and intent or already have been published Network Device Enrolment Service (NDES) might noticed this isn’t working, even when pass-through preauthentication is configured. This post will go into details how NDES is working including a brief explanation of the issue.

The Network Device Enrollment Service (NDES) allows mobile devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP). The user certificates can be used for managing company resource access (E-mail, WiFi- and VPN profiles) instead of using user name + password. This existing technique is recently emphatically re-evaluated by the use and application for mobile device management in relation to BYOD scenarios.

Continue reading “Update: Hotfix solves issue publishing Network Device Enrollement Service (NDES) through Web Application Proxy (WAP) KB30137609”