Requiring multi-factor authentication for on-premises Microsoft resources has been a difficult challenge, ever since Microsoft acquired PhoneFactor in 2012 and slowly but steadily turned its technologies into Azure MFA. Today, we’re reaching the end of the line for one of the intermediate multi-factor authentication solutions: the Azure MFA SDK. About the Azure MFA SDK The … Continue reading "The Azure MFA SDK stops working today"
Last month, Microsoft has announced the deprecation of the Azure Active Directory Graph API (graph.windows.net). Going forward, the Microsoft Graph API (graph.microsoft.com) is the supported way to gain access to Azure Active Directory programmatically. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications and tools communicating … Continue reading "TODO: Move from the Azure AD Graph API to the Microsoft Graph API"
Azure AD Connect is a crucial component in today’s Hybrid Identity strategies. This tool takes care of the synchronization of objects and their attributes from an on-premises Active Directory environment to Azure AD. In some scenarios, it also takes care of authentication when accessing Azure AD-integrated applications. As with any system in a networking infrastructure, … Continue reading "HOWTO: Perform an Azure AD Connect Swing Migration"
Last week, Microsoft has announced the deprecation of the Azure Active Directory Authentication Library (ADAL). Going forward, the Microsoft Authentication Library (MSAL) is the supported way to provide authentication with Active Directory and Azure AD in applications. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications … Continue reading "TODO: Upgrade from ADAL to MSAL"
We’ve migrated many AD FS implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations. How we migrate In general, we migrate Web Application Proxy servers by adding additional Web Application Proxies … Continue reading "A Real-world tested Approach for Transitioning Web Application Proxy Servers"
We’ve migrated many Active Directory Federation Services (AD FS) implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations. How we migrate In general, we migrate AD FS servers by adding additional … Continue reading "A Real-world tested Approach for Transitioning AD FS Servers"
Multi-factor authentication is the current solution to the problem of inadequate information security in today’s world of user names and passwords. When you have enabled multi-factor authentication in Microsoft Azure and Office 365, you might need app passwords to allow for certain access to not disrupt the business. The situation As an organization, you … Continue reading "KnowledgeBase: App Passwords are only available to users with a non-Conditional Access MFA requirement"
Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft announced a plan for change regarding Azure MFA. What’s announced Microsoft is planning to replace the current Custom controls (preview) in Conditional Access … Continue reading "Announced: Azure AD to offer more 3rd Party MFA features"
In a domain that is configured to use the File Replication Service, the SYSVOL folder is not shared after you in-place upgrade a Windows Server 2019-based Domain Controller from an earlier version of Windows. Until this directory is shared, Domain Controllers do not respond to DCLOCATOR requests for LDAP, Kerberos, and other Domain Controller workloads. … Continue reading "Knowledgebase: In-place Upgrading Domain Controllers to Windows Server 2019 while still using NTFRS breaks SYSVOL Replication and DSLocator"
Microsoft has introduced an impressive array of technologies and an awesome vision on Hybrid Identity: Their vision entails seamless access to corporate resources, services and applications for people, no matter where these resources, services and apps are located (either on-premises or in the cloud) while in the mean time allowing for strong authentication and granular … Continue reading "Default checks to perform when implementing Hybrid Identity, Part 4: Groups with large memberships"