Explained: User Hard Matching and Soft Matching in Azure AD Connect

In Hybrid Identity implementations, where objects and their attributes are synchronized between on-premises Active Directory environments and Azure AD tenants, integrity is key. When user objects on both sides have different attributes, or exist multiple times at one side, information security drops to critical levels fast. To avoid this situation, Azure AD Connect matches user …

Announced: Azure AD to offer more 3rd Party MFA features

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft announced a plan for change regarding Azure MFA.   What’s announced Microsoft is planning to replace the current Custom controls (preview) in Conditional Access …

A closer look at Azure AD Connect’s Service Connection Point

Recent versions of Azure AD Connect deploy a Service Connection Point (SCP) into your Active Directory Domain Services (AD DS) environment(s). Let’s look a bit closer at what this SCP looks like, what it does by default and how you can use and tweak it to your advantage.   About Service Connection Points Active Directory …

TODO: Enable Modern Authentication

Microsoft is in the process of deprecating basic authentication to its cloud services. While their announcements feel far away, I feel this is the best time to act, if you were one of the earlier adopters of Office 365 and Azure Active Directory.   What Microsoft is saying Microsoft is communicating clearly on the upcoming …

KnowledgeBase: You receive error ‘AADSTS5000812: The SAML 1.1 credential must contain exactly one or zero claims of type ImmutableID’ when signing into Azure AD-integrated resources

In Hybrid Identity implementations, Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS) and Azure AD work together to authenticate people in your organization, so that they can work with Azure AD-integrated resources like Office 365. Sometimes, the constellation fails and you get an error page, instead of reaching the desired application, …

KnowledgeBase: You receive “The ADSync service failed to start with an unexpected error for AutoGeneratedAccount:” when installing Azure AD Connect

Troubleshooting issues with Azure AD Connect can be a lot of fun, until you realize that new functionality throws an error that is incredibly vague. This blogpost provides the instructions to get Azure AD Connect working for your Hybrid Identity implementation when you receive “The ADSync service failed to start with an unexpected error for …

What’s New in Azure Active Directory in February 2020

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for February 2020:   What’s Planned Identity Secure Score – MFA improvement …

HOWTO: Deploy Azure AD Connect with SQL Server

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing Azure AD Connect with a …

Ten things you need to know about Azure AD Connect Cloud Provisioning

Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. On December 5th 2019, Microsoft introduced Azure AD Connect Cloud Provisioning. After playing around with it, I’m sharing ten things you’ll want to …

What’s New in Azure Active Directory in January 2020

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for January 2020:   What’s New The new My Apps portal is …