Swimming against the stream of all Azure Roles being available in the Roles and administrators pane of the Azure AD Portal, the Device administrator role is missing here. Now, let’s explore how to add additional administrators to Azure AD-joined devices. About Azure AD Join Organization-owned Windows-based devices used to be joined to Active Directory. … Continue reading "KnowledgeBase: The Device Administrator Role is not available on the Roles and Administrators pane in the Azure Portal"
Last week, Alex Simons announced on behalf of his team the Public Preview of assigning groups to Azure AD roles with a blogpost titled Assigning groups to Azure AD roles is now in public preview! on the Microsoft Tech Community. Ten things you need to know Assigning groups to Azure AD Roles sounds perfect, but … Continue reading "Ten things you need to know about Assigning Groups to Azure AD Roles"
As you might recall, Microsoft offered a solution to systems administrators to set the local administrator password on domain-joined devices using Group Policy Preferences, but ended the solution, almost a year ago, when the encoding mechanism was decoded and an attack was created towards this vulnerability (CVE-2014-1812). Introducing LAPS Yesterday, Microsoft introduced version 6 … Continue reading "Security Thoughts: Microsoft Local Administrator Password Solution (LAPS, KB3062591)"
Recently, after deploying Azure Self-service Password Reset (SSPR) for a customer, I discovered some odd behavior. After we worked through the error tree, we finally worked out the issue. Since it wasn’t documented yet (many other errors are!) at Microsofts KnowledgeBase, here it is. The situation In an organization with an on-premises Active Directory … Continue reading "KnowledgeBase: You receive a "Your request could not be processed" error when using Azure Self-service Password Reset (SSPR)"
In Windows Server 2012, Microsoft introduced the new streamlined Active Directory Domain Services Configuration Wizard, that in most Microsoft documentation is labeled the successor to dcpromo.exe. I’m a big fan of the new wizard, but there’s one feature I don’t use: the automatic Active Directory preparation steps it can perform for you to update the … Continue reading "I’m still an ADPrep kinda guy"
I’ve been working with Active Directory Administrative Center (ADAC) for a while now, but didn’t have time to look at Delegation of Control lately. Yesterday I finally came round to configuring it and was baffled by a serious issue