Trying to get rid of the PhoneFactor remnants in my Azure AD tenant, I’ve already shown hot to move from per-user MFA to Conditional Access and to move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access. Today let’s tackle a third configuration item: PhoneFactor’s Trusted IPs. The … Continue reading "TODO: Move from MFA Trusted IPs to Conditional Access Named Locations"
Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory and on its blog, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for June 2020: What’s Planned User risk … Continue reading "What’s New in Azure Active Directory in June 2020"
Virtualizing Domain Controllers introduces risks that are not present when running non-virtualized Domain Controllers. Two of these problems –running Domain Controllers on hosts with the wrong time and running all Domain Controllers on the same host –can be addressed with one VMware vSphere feature: VM/Host Rules. Additional challenges when running virtualized Domain Controllers We’ve … Continue reading "Keeping virtual Domain Controllers apart on trusted VMware vSphere hosts"
Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices. When you’ve got it working the way you want it to work, it’ll work flawlessly. But, there are situation where you can’t get it to work the way you want, it stops working the way you want, or … Continue reading "HOWTO: Delete your Windows Hello for Business Registrations"
Today, I received a localized e-mail from the Microsoft Most Valuable Professional (MVP) Award team: In Dutch, it reads: Beste Sander Berkouwer, Nogmaals presenteren we u met genoegen de 2019-2020 Microsoft Most Valuable Professional (MVP) Award als erkenning van uw buitengewone leiderschap in technische community’s. We waarderen uw uitmuntende bijdragen in de volgende technische community’s … Continue reading "I’m a 2020-2021 Microsoft MVP"
It's time for a little personal update on what's happening, it's been a while since I've blogged. I wanted to write and post this for myself, but it might be interesting for others. It was a period of heavy soul-searching and job hunting, eventually leading me to join a new consulting company named NeoNomads as … Continue reading "A new job at NeoNomads!"
Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for June 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4561616 June 9, 2020 The … Continue reading "On-premises Microsoft Identity-related updates and fixes for June 2020"
Last week, Microsoft has announced the deprecation of the Azure Active Directory Authentication Library (ADAL). Going forward, the Microsoft Authentication Library (MSAL) is the supported way to provide authentication with Active Directory and Azure AD in applications. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications … Continue reading "TODO: Upgrade from ADAL to MSAL"
Azure Log Analytics is a superb product to store and query logs. When an organization streams the sign-in logs and audit logs from Azure Active Directory to an Azure Log Analytics workspace, however, the Azure Log Analytics bill might rake up. In the blogpost I’ll provide a way to effectively calculate the Azure Log Analytics … Continue reading "Calculating your Azure Log Analytics bill when you stream your Azure AD logs to it"
The last couple of weeks I have been working with several Microsoft Exchange Server environments. I encountered lots of expired certificates. Organizations wanted help with that. One of the questions that kept coming back was: Do I press Yes to change the default certificate, when I enabled the certificate for SMTP? The official answer is … Continue reading "Field notes: What is the current default SMTP certificate for your Exchange Server environment?"