
Category Archives: Active Directory Federation Services


Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Written on February 12, 2018 at 1:54 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the […]

Configuring the Azure AD Connect Health Agent for AD FS on Server Core

Written on February 9, 2018 at 9:40 AM, by

When you get serious about security in Hybrid Identity implementations, you would opt to implement AD FS servers and Web Application Proxies as Server Core installations. However, this poses a slight problem with the Azure AD Connect Health Agent for AD FS, because at first glance, you can’t configure it on Server Core installations of […]

Windows Server 2016’s January 2018 Quality Update fixes several AD FS issues

Written on January 23, 2018 at 12:12 PM, by

Windows Server 2016’s January 2018 Cumulative Quality Update, bringing the OS version to 14393.2034, offers several fixes for Secure Token Servers (STSs) running Active Directory Federation Services (AD FS). About Windows Server 2016 Updates: Microsoft issues two major updates each month for Windows Server 2016, as outlined in the Patching with Windows Server 2016 […]

Use your F5 BIG-IP Appliance as Full-Fledged AD FS Web Application Proxy

Written on January 3, 2018 at 7:40 PM, by

With the release of version 13.1 of its BIG-IP software, F5 Networks enables you to make your F5 BIG-IP series appliances and F5 Virtual Edition (VE) appliances act as full-fledged Web Application Proxies in combination with Windows Server 2012 R2 and/or Windows Server 2016-based Active Directory Federation Services (AD FS) Servers using MS-ADFSPIP. About […]

Identity-related sessions at Microsoft Ignite 2017 in Orlando

Written on August 21, 2017 at 3:04 PM, by

Microsoft Ignite 2017 North America in Orlando is only a few weeks away and many of us have begun filling our session builders with interesting sessions, corresponding to our interests and knowledge. I decided to compile a list of the Active Directory, Azure Active Directory, Graph, Group Policy and Enterprise Mobility + Security (EM+S) related […]

Branding your Hybrid Identity Solution, Part 5: Azure Multi-Factor Authentication Server’s AD FS Adapter implementation

Written on March 16, 2017 at 11:13 AM, by

Once you’ve branded the Active Directory Federation Services (AD FS) and Azure Active Directory pages, you might want to apply your corporate branding to the Active Directory Federation Services Adapter pertaining to your on-premises Azure Multi-Factor Authentication (MFA) Server. For AD FS running on Windows Server 2012 R2, this means that the Azure Multi-Factor Authentication […]

Important Update for Active Directory Federation Services (MS17-019, KB4010320, CVE-2017-0043)

Written on March 14, 2017 at 11:43 PM, by

Today, for its March 2017 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). The security update addresses a vulnerability that could allow information disclosure if an attacker sends a specially crafted request to an AD FS server, allowing the attacker to read sensitive information about the target system. […]

Branding your Hybrid Identity Solution, Part 4: Active Directory Federation Services

Written on March 14, 2017 at 9:26 PM, by

Active Directory Federation Services (AD FS) plays a huge part in your Hybrid Identity implementation. For colleagues using their domain credentials on domain-joined devices located on-premises, through Kerberos, they gain Single Sign-On (SSO) access to web apps your organization uses. For roaming colleagues, AD FS offers Single Sign-On on a per browser session basis, […]

Branding your Hybrid Identity Solution, Part 2: Recommendations

Written on March 12, 2017 at 9:04 AM, by

Before we go applying changes to our Hybrid Identity implementation, I feel it’s a good time to discuss some of my recommendations for branding. The five recommendations below flow from my own personal experience branding the components of Hybrid Identity implementations. Built-in branding vs. Full customization: For Active Directory Federation Services (AD FS), you […]

KnowledgeBase: Logging in to the Intune Company Portal App results in an error “Could not sign in” on Android phones with Chrome 56, and up

Written on February 23, 2017 at 8:14 AM, by

This morning I read a blogpost by John Arnold on the Intune Support TechNet Blog on a strange Intune-related error on Android Phones when accessing the Company Portal app. As it turned out, this is an Active Directory Federation Services (AD FS)-related certificate issue, so I thought I’d share it here as well. The […]