Office 365 / Azure AD: Block sign in for accounts with password hash sync

Expired Active Directory users are still able to sign into Microsoft Office 365 / Azure Active Directory when using password synchronization. If you have made the move from ADFS / PTA to using Azure AD Password Synchronization with SSO, you will soon realize that former / terminated employees are still able to sign into Microsoft Office …

iOS 11 provides support for OAuth 2.0 (Modern Auth) in the native mail app

With the release of iOS 11.0, the native mail client now has support for OAuth 2.0. OAuth 2.0 is often referred to as modern authentication and provides some new capabilities, like Microsoft Azure Multi-Factor Authentication support, and allows using certificates for authentication. Modern Authentication uses a secure token instead of relying on a username and …

login.windows.net still needs to be added to trusted sites in Internet Explorer

During some troubleshooting it was discovered that for some reason “https://login.windows.net” needs to be added to “IE trusted sites”, or else you wouldn’t get a PRT (Primary Refresh Token) issued in some scenarios. Microsoft has been working on merging the Azure AD Authentication Flows since March 2015, but this still doesn’t seem to be merged end-to-end yet. Source: Simplifying …

Credential Roaming vs. Device Registration Certificate for Conditional Access

During the last couple of weeks I have been asked by a couple of my customers how to get Azure device registration to work in environments using either Windows Credential Roaming or Roaming User Profile (with Certificates included). After doing some research on the subject I found the answer on docs.microsoft.com: Microsoft doesn’t support …

Speaking: Everything Windows User Group Meeting, September 2017

I’m proud to announce that I’ve been invited to speak at the Everything Windows User Group event held at Edgemo in Aarhus on Tuesday the 12th of September.

Bridging the legacy gap in modern workplaces

Microsoft is rapidly providing a strong platform for running Azure AD joined devices in the cloud with modern management (Intune), …

Upgrading Azure Virtual Machine from Windows Server 2012 R2 to Windows Server 2016

Microsoft currently doesn’t support in-place upgrades of Windows operating systems running on virtual machines in Microsoft Azure. I have successfully performed several upgrades for customers throughout the last couple of years. Microsoft and other community blog posts would recommend that you either create a new server or download the VHD from Microsoft Azure and perform the …
