Moving away from passwords with Windows 10, Windows Hello for Business & Microsoft Intune

In 2004, long before we went online massively concepts like phishing or ransomware were on the rise, Bill Gates, predicted at the RSA Conference that year the demise of passwords saying “they just don’t meet the challenge for anything you really want to secure.”

For years, we’ve been discussing the vulnerabilities of passwords (80 percent of security breaches are down to stolen passwords & credentials) and the need to ditch them for more robust & secure solutions. Many initiatives have been launched like Microsoft’s CardSpace, the Higgins project, the Liberty Alliance, NSTIC, the FIDO Alliance and various Identity 2.0 proposals. All with the explicit goal of eliminating passwords.

Continue reading “Moving away from passwords with Windows 10, Windows Hello for Business & Microsoft Intune”

Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API

Nowadays Microsoft provides us a lot of flexibility to empower end-users to be productive as never before. Users are able to register their devices in order to access corporate resources anytime, anywhere on devices they love. Provisioning of Windows 10 devices to your enterprise has never been easier for end-users. They are even able to join their brand new devices to the corporate from home taking benefit of Windows Autopilot & Azure AD MDM auto-enrollment.

From an end-user perspective this is great, productivity can be restored in minutes instead of hours or even days. However the flexibility we provide for the end-users has a downside from an IT Admin perspective. As we’re able to join or register devices to Microsoft Intune/Azure AD, it causes a lot of obsolete device objects in your tenants. Continue reading “Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API”

Updated: Exchange Connector permissions changed in Configuration Manager Current Branch (1511 and higher)

Exchange Connector Current Branch

Note! Updated with additional permissions (Get-Mailbox) 04/28/2016

During a Configuration Manager Current Branch (1511) implementation I bumped into an issue configuring the Exchange Connector. After configuring the Exchange Connector, devices which are connected by Exchange were not successfully discovered and therefore not appearing in the admin console.

Continue reading “Updated: Exchange Connector permissions changed in Configuration Manager Current Branch (1511 and higher)”

Azure AD Premium Public Preview Features…a closer look

image

Microsoft is continuously improving their Azure cloud services while new features get introduced in rapid pace. In this blog I want to consider some new Azure Active Directory Premium features which are currently in public preview. ’These features are:

  • Dynamic Groups
  • Azure Application Custom Domain publishing
  • Azure Conditional Application Access

Continue reading “Azure AD Premium Public Preview Features…a closer look”

Troubleshooting: Federation for Windows Intune

During a Windows Intune proof of concept (PoC) I was facing some issues configuring federation in order to enable Signle Sign On (SSO).

Proxy Authentication

When configuring federation we couldn’t convert the the default domain to a federated domain type. By using the –Verbose –Debug parameters of convert –MsolDomainToFederated cmdlet the root cause became clear. Proxy Authentication was required and therefore we couldn’t convert the domain. One down two to go!

clip_image001_thumb[3] Continue reading “Troubleshooting: Federation for Windows Intune”

Windows Intune User Provisioning: Having a closer look

At the moment there’re several scenario’s to manage and provisioning users to Windows Intune in order to enable Enterprise Mobility Management (EMM) or simply said – managing your mobile devices. As the process of provisioning users to Windows Intune in combination with Configuration Manager 2012 R2 is not always clear I’ll provide you some insights and tips where and how to troubleshoot.

clip_image001

As mentioned I’ll will focus in this post on a hybrid scenario using Configuration Manager 2012 R2, Windows Intune and on-premise Active Directory where Azure Active Directory Sync (aka DirSync) is used to syncronize on-premise users to Windows Intune (Azure Active Directory).

Process Overview Windows Intune User provisioning

  1. John Doe is created in (on-premise) Active Directory
  2. John Doe is synchronized by Azure Active Directory Sync to (off-premise) Azure Active Directory
  3. John Doe is discovered by Configuration Manager 2012 R2
  4. John Doe is add to Windows Intune collection in Configuration Manager 2012 R2
  5. John Doe is synchronized by Windows Intune Connector
  6. John Doe is enabled Windows Intune user

Continue reading “Windows Intune User Provisioning: Having a closer look”

Should I use Service Management Automation (SMA) or System Center 2012 – Orchestrator?

An actual question that is asked regurlarly. Hereby in short some pro’s and con’s to consider.

Orchestrator

In System Center 2012, System Center 2012 SP1, and System Center 2012 R2, the Orchestrator component enables you to automate business processes and IT operations in your data center without scripting or programming. Orchestrator is a feature in System Center 2012. If you already have System Center 2012 installed, and you do not plan to install Windows Azure Pack, use Orchestrator.

image

  • Automate business processes and IT operations in your data center without scripting or programming.
  • You can also use PowerShell cmdlets to run other System Center 2012 components/Cmdlets.
  • Let you use integration packs that are not covered by PowerShell. (Example : Leveraging Service Manager)

Continue reading “Should I use Service Management Automation (SMA) or System Center 2012 – Orchestrator?”