TODO: Move from the Azure AD Graph API to the Microsoft Graph API

Last month, Microsoft announced the deprecation of the Azure Active Directory Graph API (graph.windows.net). Going forward, the Microsoft Graph API (graph.microsoft.com) is the supported way to gain access to Azure Active Directory programmatically. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications and tools communicating …

HOWTO: Perform an Azure AD Connect Swing Migration

Azure AD Connect is a crucial component in today’s Hybrid Identity strategies. This tool takes care of the synchronization of objects and their attributes from an on-premises Active Directory environment to Azure AD. In some scenarios, it also takes care of authentication when accessing Azure AD-integrated applications. As with any system in a networking infrastructure, …

TODO: Upgrade from ADAL to MSAL

Last week, Microsoft announced the deprecation of the Azure Active Directory Authentication Library (ADAL). Going forward, the Microsoft Authentication Library (MSAL) is the supported way to provide authentication with Active Directory and Azure AD in applications. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications …

A Real-world tested Approach for Transitioning Web Application Proxy Servers

We’ve migrated many AD FS implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations. How we migrate: In general, we migrate Web Application Proxy servers by adding additional Web Application Proxies …

A Real-world tested Approach for Transitioning AD FS Servers

We’ve migrated many Active Directory Federation Services (AD FS) implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations. How we migrate: In general, we migrate AD FS servers by adding additional …

KnowledgeBase: App Passwords are only available to users with a non-Conditional Access MFA requirement

Multi-factor authentication is the current solution to the problem of inadequate information security in today’s world of user names and passwords. When you have enabled multi-factor authentication in Microsoft Azure and Office 365, you might need app passwords to allow certain access without disrupting the business. The situation: As an organization, you …

Announced: Azure AD to offer more 3rd Party MFA features

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft announced a plan for change regarding Azure MFA. What’s announced: Microsoft is planning to replace the current Custom controls (preview) in Conditional Access …

Knowledgebase: In-place Upgrading Domain Controllers to Windows Server 2019 while still using NTFRS breaks SYSVOL Replication and DSLocator

In a domain that is configured to use the File Replication Service, the SYSVOL folder is not shared after you in-place upgrade a Windows Server 2019-based Domain Controller from an earlier version of Windows. Until this directory is shared, Domain Controllers do not respond to DCLOCATOR requests for LDAP, Kerberos, and other Domain Controller workloads. …

Default checks to perform when implementing Hybrid Identity, Part 4: Groups with large memberships

Microsoft has introduced an impressive array of technologies and an awesome vision on Hybrid Identity: Their vision entails seamless access to corporate resources, services and applications for people, no matter where these resources, services and apps are located (either on-premises or in the cloud) while in the meantime allowing for strong authentication and granular …

Default checks when implementing Hybrid Identity, Part 3: Linked Mailboxes

Microsoft has introduced an impressive array of technologies and an awesome vision on Hybrid Identity: One of the parts of your organization’s journey in implementing Hybrid Identity might be to migrate from DirSync to Azure AD Connect with Azure AD Sync. After you export and import the configuration, you might expect to see the same …