Minor ADFS 2016 upgrade bug related to custom web theme

This is just a quick post I wanted to share online as this is the second time I was asked/heard about this ADFS 2016 bug. A minor bug exists in ADFS 2016 after upgrading from ADFS 2012 R2, when you have added a custom ADFS illustration picture. When will I see this bug? Often you …


Deploy EXE file from Microsoft Intune using Azure Blob Storage

A couple of weeks ago I managed to get my first deployment of executables to work with Microsoft Intune. This approach not only allows for deployment of EXE files but also MSI files alongside other files like DLL, CAB and MSP files. Basically building a deployment package that can be distributed by using Microsoft Intune …


Azure Conditional Access support for Dynamics 365 for Finance and Operations

Some weeks back I discussed with a customer whether Microsoft Dynamics 365 for Finance and Operations could be protected by using Microsoft Azure Conditional Access instead of just configuring a specific IP range whitelist within the Microsoft Dynamics 365 environment. Utilizing Microsoft Conditional Access would provide a more modern workplace approach for accessing Microsoft Dynamics …


Office 365 / Azure AD: Block sign in for accounts with password hash sync

Expired Active Directory users are still able to sign into Microsoft Office 365 / Azure Active Directory when using password synchronization. If you have made the move from ADFS / PTA to using Azure AD Password Synchronization with SSO you will soon realize that former / terminated employees are still able to sign into Microsoft Office …


iOS 11 provides support for OAuth 2.0 (Modern Auth) in the native mail app

With the release of iOS 11.0, the native mail client now has support for OAuth 2.0. OAuth 2.0 is often referred to as modern authentication and provides some new capabilities like Microsoft Azure Multi-factor Authentication support and allows using certificates for authentication. Modern Authentication uses a secure token instead of relying on a username and …


Credential Roaming vs. Device Registration Certificate for Conditional Access

During the last couple of weeks I have been asked by a couple of my customers how to get Azure device registration to work in environments using either Windows Credential Roaming or Roaming User Profile (with Certificates included). After doing some research on the subject I found the answer on docs.microsoft.com: Microsoft doesn’t support …


Microsoft Azure Information Protection app now support CBA

Microsoft just released support for certificate-based authentication (CBA) for the Microsoft Azure Information Protection iOS app. The app integrates with the Microsoft Authenticator app, which supports the Apple iOS SafariViewController that enables access to the certificates stored on the iOS device.


Web Application Proxy 2012 R2 – HTTP to HTTPS redirect

This post applies to Microsoft Web Application Proxy 2012 R2. I recommend that you upgrade to Windows Server 2016, which provides a built-in function within the Web Application Proxy 2016 to perform HTTP to HTTPS redirect. See more here. Updated post: This post has been updated 07/32/2017. Original post: 25. December 2013 22.15. Performing HTTP …


Issue with accessing the DirectAccess console after removing a Domain Controller

Most people don’t know that the DirectAccess servers are tied together with a specific domain controller. In case you decommission the specific domain controller due to upgrade or other reasons, the DirectAccess console will become inaccessible. Symptom: Unable to open the DirectAccess configuration in the “Remote Access Management Console”. Error message: unable to load …
