Apply corporate background to Windows 10 Pro with Microsoft Intune

Late afternoon on Friday, I received a mail with the subject “Isn’t it just nice :)” and the following screenshot attached. This is one of my smaller customers, who uses Microsoft Intune to manage his installation of Windows 10 Pro devices. A couple of weeks back we had a workshop on how to …

Azure AD v2 Apps vs. The brick wall

Azure AD V2 Apps vs. The Brick Wall a.k.a. admin consent! Some months ago I was introduced to what Microsoft internally calls “The Brick Wall”. The end users are left with a prompt for admin consent enforced by the Microsoft Azure Federation Gateway and even if a Global Administrator (or Application Administrator) tried to approve …

Minor ADFS 2016 upgrade bug related to custom web theme

This is just a quick post I wanted to share online as this is the second time I was asked/heard about this ADFS 2016 bug. A minor bug exists in ADFS 2016 after upgrading from ADFS 2012 R2, when you have added a custom ADFS illustration picture. When will I see this bug? Often you …

Microsoft Flow and Azure Conditional Access (Azure MFA)

If you have deployed Azure Conditional Access (Azure MFA) you might have indirectly broken Microsoft Flow and impacted some service accounts used for running a business-critical workflow. It is possible to make an exception with Azure Conditional Access that does not block your Microsoft Flow from working. Example of issue: PowerUsers: MFA and Invalid …

Deploy EXE file from Microsoft Intune using Azure Blob Storage

A couple of weeks ago I managed to get my first deployment of executables to work with Microsoft Intune. This approach not only allows for deployment of EXE files but also MSI files alongside other files like DLL, CAB and MSP files. Basically building a deployment package that can be distributed by using Microsoft Intune …

Azure Conditional Access support for Dynamics 365 for Finance and Operations

Some weeks back I discussed with a customer whether Microsoft Dynamics 365 for Finance and Operations could be protected by using Microsoft Azure Conditional Access instead of just configuring a specific IP range whitelist within the Microsoft Dynamics 365 environment. Utilizing Microsoft Conditional Access would provide a more modern workplace approach for accessing Microsoft Dynamics …

Microsoft Azure AD Joined devices support Kerberos

Not many people are aware that Microsoft Windows 10 since version 1609 has had support for Kerberos authentication, thereby also bridging an important gap between Azure AD Joined and Domain Joined machines. This is an important step in the migration to a more modern environment with hybrid devices and enabling modern workplace scenarios for …

Office 365 / Azure AD: Block sign in for accounts with password hash sync

Expired Active Directory users are still able to sign into Microsoft Office 365 / Azure Active Directory when using password synchronization. If you have made the move from ADFS / PTA to using Azure AD Password Synchronization with SSO you will soon realize that former / terminated employees are still able to sign into Microsoft Office …

iOS 11 provides support for OAuth 2.0 (Modern Auth) in the native mail app

With the release of iOS 11.0, the native mail client now has support for OAuth 2.0. OAuth 2.0 is often referred to as modern authentication and provides some new capabilities like Microsoft Azure Multi-factor Authentication support and allows using certificates for authentication. Modern Authentication uses a secure token instead of relying on a username and …

login.windows.net still needs to be added to trusted sites in Internet Explorer

During some troubleshooting it was discovered that for some reason “https://login.windows.net” needs to be added to “IE trusted site”, else you wouldn’t get a PRT (Primary Refresh Token) issued in some scenarios. Microsoft has been working on merging the Azure AD Authentication Flows since March 2015, but this still doesn’t seem to be merged end-to-end yet. Source: Simplifying …
