Azure’s Access Control Service is retiring in three months’ time

One of Azure’s oldest Identity-related services, Azure’s Access Control Service (ACS), will cease to exist soon. There are replacements. If your organization is still using ACS, you will need to migrate this functionality to Azure AD, Azure AD B2C, AD FS and/or 3rd party solutions. About the Access Control Service: The Microsoft Azure …

Azure AD Connect version 1.1.880.0 is now available

Last Friday, Microsoft released Azure AD Connect version 1.1.880.0. This is a release of Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. What’s Fixed: SQL Deadlock Issue. The Azure AD Connect team fixed a bug …

Configuring Account Lockout throughout a Hybrid Identity Environment

Denial of Service attacks on identity and access systems are commonplace. If you think you’re done once you’ve covered all the bases with account lock-out in your on-premises Active Directory Domain Services (AD DS) environment, you’re wrong. Hybrid Identity requires more effort and Microsoft only made the tools you need generally available this month. …

Azure AD Connect Custom Settings vs Express Settings

Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAPv3-based identity platforms to Azure Active Directory. During installation, Azure AD Connect offers a choice. This is the first choice and also the most fundamental choice for Azure AD …

Pro Tip! Use the claim rules from ADFSHelp for your ‘Office 365 Identity Platform’ Relying Party Trust

Whenever I talk about the claim rules in Active Directory Federation Services (AD FS) for the ‘Office 365 Identity Platform’ Relying Party Trust (RPT), between the on-premises AD FS implementation and Azure AD, I get the following question: How do we manually set up the advanced claim rules that Azure AD Connect configures automatically? Let’s …

Azure AD Connect v1.1.749.0 adds Privacy and Security Controls

Last week, Microsoft released version 1.1.749.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory. This version adds privacy controls, additional security controls, a wizard page for device write-back and other miscellaneous fixes. What’s …

Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the …

Using Azure AD Connect with a gMSA

Since version 1.1.443.0, you can use Azure AD Connect with a group Managed Service Account (gMSA) as its service account. I thought it was time to show you how to configure Azure AD Connect with a gMSA. The problem with service accounts: We all use service accounts in our environments. These accounts allow us …

Why installing Azure AD Connect on an Active Directory Domain Controller might not be the most brilliant of ideas

When you read through Azure AD Connect’s prerequisites page, you’ll notice that Microsoft supports installing Azure AD Connect on Active Directory Domain Controllers. While this would certainly be a helpful scenario for organizations with up to 50 user accounts, I would not recommend doing so. Note: Installing Azure AD Connect on a Read-only Domain Controller …

Azure AD Connect 1.1.614.0 offers a load of fixes and enhanced functionality

Yesterday, Microsoft released version 1.1.614.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory. What’s New: Azure AD Connect Sync. Azure AD Connect now features a Troubleshoot task in the Azure AD Connect wizard …