Azure AD v2 Apps vs. The brick wall

Azure AD V2 Apps vs. The Brick Wall a.k.a. admin consent! Some months ago I was introduced to what Microsoft internally calls “The Brick Wall”. The end users are left with a prompt for admin consent enforced by the Microsoft Azure Federation Gateway and even if a Global Administrator (or Application Administrator) tried to approve …

Continue reading "Azure AD v2 Apps vs. The brick wall" »

Minor ADFS 2016 upgrade bug related to custom web theme

This is just a quick post I wanted to share online as this is the second time I was asked/heard about this ADFS 2016 bug. A minor bug exists in ADFS 2016 after upgrading from ADFS 2012 R2, when you have added a custom ADFS illustration picture. When will I see this bug? Often you …

Continue reading "Minor ADFS 2016 upgrade bug related to custom web theme" »

Microsoft Flow and Azure Conditional Access (Azure MFA)

If you have deployed Azure Conditional Access (Azure MFA) you might have indirectly broken Microsoft Flow and impacted some service accounts used for running a business critical workflow. It is possible to make an exception with Azure Conditional Access that does not block your Microsoft Flow from working. Example of issue: PowerUsers: MFA and Invalid …

Continue reading "Microsoft Flow and Azure Conditional Access (Azure MFA)" »

Deploy EXE file from Microsoft Intune using Azure Blob Storage

A couple of weeks ago I managed to get my first deployment of executables to work with Microsoft Intune. This approach not only allows for deployment of EXE files but also MSI files alongside other files like DLL, CAB and MSP files. Basically building a deployment package that can be distributed by using Microsoft Intune …

Continue reading "Deploy EXE file from Microsoft Intune using Azure Blob Storage" »

Microsoft Azure AD Joined devices support Kerberos

Not many people are aware that Microsoft Windows 10 has supported Kerberos authentication since version 1609, thereby bridging an important gap between Azure AD Joined and Domain Joined machines. This is an important step in the migration to a more modern environment with hybrid devices and enabling modern workplace scenarios for …

Continue reading "Microsoft Azure AD Joined devices support Kerberos" »

iOS 11 provides support for OAuth 2.0 (Modern Auth) in the native mail app

With the release of iOS 11.0, the native mail client now supports OAuth 2.0. OAuth 2.0 is often referred to as modern authentication and provides some new capabilities like Microsoft Azure Multi-factor Authentication support and allows using certificates for authentication. Modern Authentication uses a secure token instead of relying on a username and …

Continue reading "iOS 11 provides support for OAuth 2.0 (Modern Auth) in the native mail app" »

login.windows.net still needs to be added to trusted sites in Internet Explorer

During some troubleshooting it was discovered that for some reason “https://login.windows.net” needs to be added to “IE trusted site”, otherwise you wouldn’t get a PRT (Primary Refresh Token) issued in some scenarios. Microsoft have been working on merging the Azure AD Authentication Flows since March 2015, but this still doesn’t seem to be merged end-to-end yet. Source: Simplifying …

Continue reading "login.windows.net still needs to be added to trusted sites in Internet Explorer" »

Upgrading Azure Virtual Machine from Windows Server 2012 R2 to Windows Server 2016

Microsoft currently doesn’t support in-place upgrade of Windows operating systems running on virtual machines in Microsoft Azure. I have successfully performed several upgrades for customers throughout the last couple of years. Microsoft and other community blog posts would recommend that you either create a new server or download the VHD from Microsoft Azure and perform the …

Continue reading "Upgrading Azure Virtual Machine from Windows Server 2012 R2 to Windows Server 2016" »

Microsoft Azure Automation Start and Stop Virtual Machines using Runbooks

This short guide will show you how to use Microsoft Azure Automation for managing the start and stop of your Microsoft Azure Virtual Machines. This guide provides two PowerShell Automation scripts for Azure Automation: Workflow: Start_My_Azure_VMs – Start_My_Azure_VMs.ps1 (5.26 kb) – Script for starting domain controllers first and then all the rest of the virtual machines on your Azure Subscription Workflow: …

Continue reading "Microsoft Azure Automation Start and Stop Virtual Machines using Runbooks" »

Associate your Windows Azure account with your Office 365 Organizational Directory (Windows Azure Active Directory)

Associate your Windows Azure account with your Office 365 Organizational Directory (Windows Azure Active Directory) Here are the steps for getting access to your Office 365 Organizational Directory (Windows Azure Active Directory) from the Windows Azure Management Portal. Prerequisites: You should already have subscribed to an Office 365 account. You would also need administrative permissions …

Continue reading "Associate your Windows Azure account with your Office 365 Organizational Directory (Windows Azure Active Directory)" »