TODO: Move from per-user MFA to Conditional Access

One of the remnants of the PhoneFactor infrastructure is an old page that is linked in the Azure Portal. It allows for enforcing multi-factor authentication on a per-user basis. It should not be used for several reasons. Here’s why. Ways to require multi-factor authentication in Azure AD In Azure Active Directory, there are three …

Recordings of the webinars with Netwrix are now available

Last month, on April 22nd, 28th and 30th, I hosted three 60-minute webinars with Netwrix on my three favorite chapters in my Active Directory Administration Cookbook. Over 1800 people have registered for these webinars. Now, a mere week after the last webinar, the Netwrix team has done everyone a huge favor by already placing the …

On-premises Microsoft Identity-related updates and fixes for April 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for April 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4550929 April 14, 2020 The …

What’s New in Azure Active Directory in April 2020

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for April 2020: What’s New Combined security info registration experience generally …

KnowledgeBase: To manage non-domain-joined Web Application Proxies with Azure AD Connect you need additional configuration on both sides

Azure AD Connect is Microsoft's free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. However, you can also use it to set up and manage your organization’s Active Directory Federation Services (AD FS) implementation. This works …

Choosing the right Passwordless sign-in method for your colleagues

Passwordless is Microsoft’s strategy to improve enterprise security and enable end-user convenience at the same time. The era of passwords is slowly coming to an end and Microsoft offers readily-available solutions for your colleagues to sign-in to their devices and services. However, with its many passwordless methods, Microsoft isn’t making it easy for identity admins …

TODO: Enable the new My Apps and My Profile Experiences

Microsoft will be updating the current Azure AD Apps and Profile experiences on July 20th 2020. This means that from that date onward your colleagues will be automatically switched over to the updated My Apps and My Account experiences. Note: The updated My Apps and My Account offer the same functionality as the current experiences, …

Azure AD Connect v1.5.29.0 fixes an issue with enabling Seamless Single Sign-on

After every fresh major release of Azure AD Connect by Microsoft, several smaller hotfix releases update the functionality to prevent issues where administrators are not able to perform certain configurations or gain access to functionality. This week, Azure AD Connect version 1.5.29.0 was released, fixing an issue that was introduced in a previous hotfix release. …

HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect …

Azure AD Connect fixes an issue when you’ve cloned the ‘In from AD–Group Join’ sync rule before Azure AD Connect v1.5.20.0

Azure AD Connect version 1.5.18.0 introduced a new feature: mS-DS-ConsistencyGUID as the source anchor for groups. Now, as organizations are upgrading to the new version, some overlooked scenarios rear their heads. Azure AD Connect version 1.5.22.0 is here to fix an issue when you’ve cloned a synchronization rule. What’s Fixed Version 1.5.22.0 addresses an …