How secure is Microsoft Intune? Keep calm and reassure your cloud security manager!


Perhaps you have noticed it yourself: customers are asking more often how secure Microsoft cloud services (Microsoft Azure, Office 365 and Windows Intune) are. They ask valid questions like “What corporate data is stored, and where? How is my corporate data protected in Microsoft datacenters? What security controls are in place, and what about backup, disaster recovery and data retention policies? Do I have control over what data is synced to the cloud?” And so we could go on…

Informing customers and providing them with guidelines and best practices makes it clearer what the impact of using Microsoft cloud services is for their organizations. This eliminates possible restraints (rightly or not), increases confidence in the cloud service as a platform and accelerates its adoption.

This post might help you get a better understanding of the terms and conditions under which Microsoft cloud services are delivered, and enables you to inform your cloud security officer!

Troubleshooting: Federation for Windows Intune

During a Windows Intune proof of concept (PoC) I was facing some issues configuring federation in order to enable Single Sign-On (SSO).

Proxy Authentication

When configuring federation we couldn’t convert the default domain to a federated domain type. By using the -Verbose and -Debug parameters of the Convert-MsolDomainToFederated cmdlet the root cause became clear. Proxy authentication was required and therefore we couldn’t convert the domain. One down, two to go!


Windows Intune User Provisioning: Having a closer look

At the moment there are several scenarios for managing and provisioning users to Windows Intune in order to enable Enterprise Mobility Management (EMM) or, simply said, managing your mobile devices. As the process of provisioning users to Windows Intune in combination with Configuration Manager 2012 R2 is not always clear, I’ll provide some insights and tips on where and how to troubleshoot.


As mentioned, I’ll focus in this post on a hybrid scenario using Configuration Manager 2012 R2, Windows Intune and on-premises Active Directory, where Azure Active Directory Sync (aka DirSync) is used to synchronize on-premises users to Windows Intune (Azure Active Directory).

Process Overview Windows Intune User provisioning

  1. John Doe is created in (on-premise) Active Directory
  2. John Doe is synchronized by Azure Active Directory Sync to (off-premise) Azure Active Directory
  3. John Doe is discovered by Configuration Manager 2012 R2
  4. John Doe is added to the Windows Intune collection in Configuration Manager 2012 R2
  5. John Doe is synchronized by Windows Intune Connector
  6. John Doe is enabled as a Windows Intune user


Deploy Active Directory Federation Services (AD FS) 3.0 in a pre Windows Server 2012 R2 era

As you probably know a prerequisite for implementing Active Directory Federation Services (AD FS) based on Windows Server 2012 R2 is to have at least a Windows Server 2012 R2 domain controller available in your infrastructure.


This is in order to benefit from Group Managed Service Accounts (gMSA; generated and maintained by the Key Distribution Service (KDS) on at least Windows Server 2012 domain controllers). The same applies to the Device Registration Service (DRS), aka Workplace Join, which is responsible for activation and enrolment of controlled devices and is represented by a new schema class in Active Directory Domain Services (AD DS).

Windows Intune "Sorry, but we’re having trouble signing you in" error "80041317"

When you update the configuration settings of the federated domain for the on-premises Active Directory Federation Services (AD FS) service, make sure these settings are also updated in the Windows Azure Active Directory (Windows Azure AD) authentication system. Last week I updated my on-premises token-signing certificate without updating federation trust data. This causes the claim that the AD FS service supplies to be malformed and therefore rejected by the Windows Azure AD authentication system.

When a federated user tries to sign in to a Microsoft cloud service such as Office 365, Windows Azure, or Windows Intune from a sign-in webpage whose URL starts with “https://login.microsoftonline.com/login,” authentication for that user fails. Additionally, the user receives the following error message:

Sorry, but we’re having trouble signing you in
Please try again in a few minutes. If this doesn’t work, you might want to contact your admin and report the following error:
80041317 or 80043431
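
One way to check for the mismatch described above before users hit the error, as an added example that is not part of the original post: it compares the token-signing certificates AD FS holds with the ones Azure AD has on record for the federated domain. It assumes AD FS on Windows Server 2012 R2 or later with the ADFS and MSOnline modules installed, and `contoso.com` is a placeholder domain name.

```powershell
# Added example, not from the original post. Assumes the ADFS and MSOnline
# modules on the primary AD FS server; 'contoso.com' is a placeholder domain.
Import-Module ADFS, MSOnline
$DomainName = 'contoso.com'
Connect-MsolService   # interactive sign-in with a cloud administrator account

function ConvertTo-Thumbprint {
    param([string]$Base64)
    # Azure AD returns each certificate as a base64-encoded DER blob.
    if ([string]::IsNullOrWhiteSpace($Base64)) { return }
    $bytes = [Convert]::FromBase64String($Base64)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    $cert.Thumbprint
}

# Certificates Azure AD currently accepts for this federated domain.
$fed = Get-MsolDomainFederationSettings -DomainName $DomainName
$trusted = @($fed.SigningCertificate, $fed.NextSigningCertificate) |
    ForEach-Object { ConvertTo-Thumbprint $_ } |
    Where-Object { $_ }

# Certificates AD FS holds for signing tokens, checked against that list.
$report = Get-AdfsCertificate -CertificateType Token-Signing | ForEach-Object {
    [pscustomobject]@{
        Thumbprint       = $_.Thumbprint
        IsPrimary        = $_.IsPrimary
        NotAfter         = $_.Certificate.NotAfter
        TrustedByAzureAD = $trusted -contains $_.Thumbprint
    }
}
$report | Format-Table -AutoSize

# A primary certificate that Azure AD does not trust matches the failure above.
$stale = $report | Where-Object { $_.IsPrimary -and -not $_.TrustedByAzureAD }
if ($stale) {
    Write-Warning "Primary token-signing certificate is not registered for $DomainName."
    # Republishes the current AD FS settings to Azure AD (left commented on purpose):
    # Update-MsolFederatedDomain -DomainName $DomainName
}
```

Running the check after every token-signing certificate change, and again shortly before the current certificate's NotAfter date, catches the stale trust before sign-ins start failing.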


Microsoft Assessment and Planning #MAP 6.0 Beta released

The latest beta release from the Microsoft Assessment and Planning (MAP) team provides organizations with tools to accelerate the adoption of Microsoft private and public cloud platforms.

MAP 6.0 Beta: Accelerate the adoption of Microsoft private and public cloud platforms

Planning your journey to the cloud just got a bit easier. The next release of the Microsoft Assessment and Planning (MAP) Toolkit—version 6.0 Beta—includes assessment capabilities to evaluate workloads for both public and private cloud platforms. With MAP 6.0 Beta, you now have the ability to identify workloads and estimate the infrastructure size and resources needed for both Windows Azure and Hyper-V Fast Track. Also new to MAP 6.0 Beta is the Office 365 client assessment, enhanced VMware inventory, and Oracle schema discovery and reporting. Expanded assessment and discovery capabilities from MAP help you streamline planning for your next migration project. Plan what’s next with MAP.

New features and benefits from MAP 6.0 Beta release help you:

  · Analyze your portfolio of applications for a move to the Windows Azure Platform
  · Accelerate planning to private cloud with Hyper-V Cloud Fast Track onboarding
  · Identify migration opportunities with enhanced heterogeneous server environment inventory
  · Assess your client environment for Office 365 readiness
  · Determine readiness for migration to Windows Internet Explorer 9
  · Discover Oracle database schemas for migration to SQL Server

The beta materials can be downloaded on Connect: http://go.microsoft.com/fwlink/?LinkId=219165

This program is now open. The beta review period will run through mid-July, 2011.
To join the beta review program for Microsoft Assessment and Planning (MAP) Toolkit 6.0, visit Microsoft Connect: http://go.microsoft.com/fwlink/?LinkId=219168