Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for September 2020, on top of the announcements from Microsoft Ignite 2020: … Continue reading "What’s New in Azure Active Directory in September 2020"
Microsoft organized Ignite 2020 as a free digital event between Tuesday September 22nd and Thursday September 24th. Ignite is Microsoft’s yearly event for IT Professionals and developers. At Microsoft Ignite they connect with IT leaders from around the world. They hear from industry thought-leaders on the changing landscape of IT, they find new technology partners … Continue reading "A Recap of Identity-related Announcements from Microsoft Ignite 2020"
This week, I was contacted by an organization who were in the process of starting anew with Active Directory Domain Services (AD DS). The old Active Directory forest was too … old, basically. It showed signs of problems around attribute integrity, schema extension bloat and delegation defaults from the 00’s. The challenge I assisted with, … Continue reading "HOWTO: Attach a previously sync’ed Azure AD Tenant to a new AD Forest"
Trying to get rid of the PhoneFactor remnants in my Azure AD tenant, I’ve already shown how to move from per-user MFA to Conditional Access, move from MFA Trusted IPs to Conditional Access Named Locations and to move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access. Today … Continue reading "TODO: Migrate off the ‘Skip multi-factor authentication for requests from federated users on my intranet’ settings"
Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for August 2020: What’s Planned Updates to Azure Multi-Factor Authentication Server firewall … Continue reading "What’s New in Azure Active Directory in August 2020"
Swimming against the stream of all Azure Roles being available in the Roles and administrators pane of the Azure AD Portal, the Device administrator role is missing here. Now, let’s explore how to add additional administrators to Azure AD-joined devices. About Azure AD Join Organization-owned Windows-based devices used to be joined to Active Directory. … Continue reading "KnowledgeBase: The Device Administrator Role is not available on the Roles and Administrators pane in the Azure Portal"
Last week, Alex Simons announced on behalf of his team the Public Preview of assigning groups to Azure AD roles with a blogpost titled Assigning groups to Azure AD roles is now in public preview! on the Microsoft Tech Community. Ten things you need to know Assigning groups to Azure AD Roles sounds perfect, but … Continue reading "Ten things you need to know about Assigning Groups to Azure AD Roles"
On this blog, and in several other places, I’ve shared my experiences with Azure Multi-Factor Authentication. In the early days of Azure MFA, a lot of organizations, a lot of client applications and a lot of 3rd party services were not able to perform multi-factor authentication. For these situations, Microsoft provided the App Passwords functionality. … Continue reading "Getting to know the devices that people in your organization use App Passwords on"
The 2020 Hybrid Identity Protection Conference (HIPConf) was originally planned for April 2020. As New York and other cities around the globe helped us combat the COVID-19 pandemic, this was not a good time to gather and discuss our topics in person. However, organizations worldwide need our guidance more than ever. Cyber crime evolves through … Continue reading "I’ve joined the Semperis Hybrid Identity Protection Podcast"
Many organizations are adopting Azure AD Join as the mechanism to create a trust relationship between their Windows 10-based devices and their Identity solution. In the obligatory joiners/workers/leavers processes, however, it might make sense to repurpose an Azure AD-joined device to another person in the organization. In this blogpost I’ll explain how to achieve this … Continue reading "HOWTO: Repurpose an Azure AD-joined device in an organization without Intune"