Category Archives: Setup and Deployment

HOWTO: Repurpose an Azure AD-joined device in an organization without Intune

Many organizations are adopting Azure AD Join as the mechanism to create a trust relationship between their Windows 10-based devices and their Identity solution. In the obligatory joiners/workers/leavers processes, however, it might make sense to repurpose an Azure AD-joined devices to another person in the organization. In this blogpost I’ll explain how to achieve this […]

Posted on August 10, 2020 by Sander Berkouwer in Azure Active Directory, Microsoft Windows 10, Setup and Deployment

0  

HOWTO: Enable Windows Hello for Business FIDO2 Key sign-in without Microsoft Intune

The official Microsoft documentation teaches us that Microsoft Intune is an optional requirement to configure Windows Hello for Business to show the option to display the FIDO security key sign-in method as part of the Sign-in options on the Windows Logon Screen for Azure AD accounts. However, a method to achieve the same goal without […]

Posted on January 22, 2020 by Sander Berkouwer in Azure Active Directory, Multi-Factor Authentication, Security, Setup and Deployment

4  

In-place upgrading an Active Directory Domain Controller to Windows Server build 17093 might fail

Last week, Microsoft announced the latest Windows Server Insider Preview build, nicknamed Build 17093, referencing its 10.0.17093.1000 version number. This Windows Server version was released to Windows Server Insiders on February 13, 2018.   About Windows Server Preview Build 17093 This build is a preview build of the next Semi-Annual Channel (SAC) release of Windows […]

Posted on February 16, 2018 by Sander Berkouwer in Active Directory, Setup and Deployment, Windows Server Technical Preview

0  

Configuring the ClaimsApp Demo for Azure Active Directory Authentication

Most people who have attended one of my sessions, know I love to show off the power of claims using the ClaimsApp. This web app is not very fancy, but it does a heck of a job, just by displaying all the claimtypes possible, or configured for the Relying Party Trust (RPT) in Active Directory […]

Posted on March 9, 2017 by Sander Berkouwer in Azure Active Directory, Community, Setup and Deployment, Tools I Use

0  

Supported Azure MFA Server Deployment Scenarios and their pros and cons

Just like Microsoft is able to differentiate between different sizes and maturity levels of customers in its licensing, so is Microsoft’s on-premises Azure Multi-Factor Authentication (MFA) Server product. Azure MFA Server allows for four Microsoft-supported deployment scenarios: Simple Deployment One All-in-one Multi-Factor Authentication Server implementation Redundant Deployment Two All-in-one Multi-Factor Authentication Servers with replication Stretched […]

Posted on February 7, 2017 by Sander Berkouwer in Multi-Factor Authentication, Setup and Deployment

1  

KnowledgeBase: Important Issues in Windows Server 2016 Technical Preview 4 (Release Notes)

At the same time Microsoft released the Windows Server 2016 Technical Preview 4 bits to MSDN subscribers, they also released the Release Notes on a page on the Microsoft TechNet. On this page you can view the critical issues, that have currently been identified, that might require avoidance or workaround to get Windows Server 2016 […]

Posted on November 20, 2015 by Sander Berkouwer in Beta Experiences, Setup and Deployment, Windows Server Technical Preview

0  

AD FS Certificates Best Practices, Part 4: Configuring the AD FS Token Signing and -Decrypting Certs for a longer lifetime

This entry is part 4 of 4 in the series AD FS Certificates Best Practices

Microsoft Active Directory Federation Services implementations, typically, use three certificates for its functionality: Service communication certificate Token-signing certificate Token-decrypting certificate In the past three parts of this series, I’ve discussed the best practices I use when choosing the settings for my service communication certificate (request). Today, I’ll share my best practices for the token-signing certificate […]

Posted on November 16, 2015 by Sander Berkouwer in Active Directory Federation Services, Setup and Deployment

2  

Ten things you should know about Azure AD Connect and Azure AD Sync

Azure Active Directory powers Microsoft Online Services, ranging from Office 365 to Intune, in terms of identity. While this compels to organizations in a strong way, Microsoft even offers hybrid identity options to organizations running on-premises Windows Server Active Directory  to stretch their identity layer to the cloud. The tool from Microsoft to support its […]

Posted on October 19, 2015 by Sander Berkouwer in Active Directory, Azure Active Directory, Setup and Deployment, Systems Administration, Tools I Use

20  

KnowledgeBase: Important Issues in Windows Server 2016 Technical Preview (Release Notes)

At the same time Microsoft released the Windows Server 2016 Technical Preview 3 bits to MSDN subscribers, they also released the Release Notes on a page on the Microsoft TechNet. On this page you can view the critical issues, that have currently been identified, that might require avoidance or workaround to get Windows Server 2016 […]

Posted on August 21, 2015 by Sander Berkouwer in Beta Experiences, Setup and Deployment, Windows Server Technical Preview

0  

AD FS Certificates Best Practices, Part 3: Cryptographic Next Generation (CNG)-generated Private Keys

This entry is part 3 of 4 in the series AD FS Certificates Best Practices

Because Active Directory Federation Services (AD FS) rely heavily on certificates, you’ll want the most straightforward certificates as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice however, that I’m not recommending to use the strongest certificates for your Active Directory Federation Services (AD FS) implementation… That’s right, you won’t […]

Posted on July 11, 2015 by Sander Berkouwer in Active Directory Federation Services, Setup and Deployment

4