HOWTO: Delete your Windows Hello for Business Registrations

Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices. When you’ve got it working the way you want it to work, it’ll work flawlessly. But, there are situation where you can’t get it to work the way you want, it stops working the way you want, or … Continue reading "HOWTO: Delete your Windows Hello for Business Registrations"

I’m a 2020-2021 Microsoft MVP

Today, I received a localized e-mail from the Microsoft Most Valuable Professional (MVP) Award team: In Dutch, it reads: Beste Sander Berkouwer, Nogmaals presenteren we u met genoegen de 2019-2020 Microsoft Most Valuable Professional (MVP) Award als erkenning van uw buitengewone leiderschap in technische community’s. We waarderen uw uitmuntende bijdragen in de volgende technische community’s … Continue reading "I’m a 2020-2021 Microsoft MVP"

On-premises Microsoft Identity-related updates and fixes for June 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for June 2020:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4561616 June 9, 2020 The … Continue reading "On-premises Microsoft Identity-related updates and fixes for June 2020"

TODO: Upgrade from ADAL to MSAL

Last week, Microsoft has announced the deprecation of the Azure Active Directory Authentication Library (ADAL). Going forward, the Microsoft Authentication Library (MSAL) is the supported way to provide authentication with Active Directory and Azure AD in applications.                                                                     What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications … Continue reading "TODO: Upgrade from ADAL to MSAL"

Calculating your Azure Log Analytics bill when you stream your Azure AD logs to it

Azure Log Analytics is a superb product to store and query logs. When an organization streams the sign-in logs and audit logs from Azure Active Directory to an Azure Log Analytics workspace, however, the Azure Log Analytics bill might rake up. In the blogpost I’ll provide a way to effectively calculate the Azure Log Analytics … Continue reading "Calculating your Azure Log Analytics bill when you stream your Azure AD logs to it"

Field notes: What is the current default SMTP certificate for your Exchange Server environment?

The last couple of weeks I have been working with several Microsoft Exchange Server environments. I encountered lots of expired certificates. Organizations wanted help with that. One of the questions that kept coming back was: Do I press Yes to change the default certificate, when I enabled the certificate for SMTP? The official answer is … Continue reading "Field notes: What is the current default SMTP certificate for your Exchange Server environment?"

14 years of The Things that are Better Left Unspoken

Today marks the 14th anniversary of the first blog post on this blog, titled The Things That Are Better Left Unspoken. Fourteen years ago, in June, 2006, I posted the first blog post here. Since June 23, 2006, this blog has featured 1,170 more blogposts and draws the attention of 20,000 pairs of eyeballs daily. … Continue reading "14 years of The Things that are Better Left Unspoken"

HOWTO: Set an alert to notify when an Azure AD emergency access account is used

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. For administrative access at al times and under all circumstances, Microsoft recommends to create at least one emergency access account in Azure Active Directory when an organization has Azure AD Premium P1 and/or … Continue reading "HOWTO: Set an alert to notify when an Azure AD emergency access account is used"

TODO: Move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access

Last month, I made the case to move from per-user MFA to Conditional Access to leave behind the remnants of the PhoneFactor infrastructure, presented as old pages linked to from the Azure Portal. Today I want to talk about the ‘Allow users to remember multi-factor authentication on devices they trust’ option, that allows administrator to … Continue reading "TODO: Move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access"