Microsoft released a new version of the Azure Active Directory Application Proxy connector. This updated version now uses SHA2 for signing. Until now only SHA1 signing was used, but SHA1 is deprecated because it is no longer considered secure. Be sure to update to the latest version if you are using the Azure AD Application Proxy Connector.

If you do not know what the Azure AD Application Proxy is all about, see the figure below. With the Azure AD Application Proxy you can publish internal resources securely via the proxy, without publishing them via an on-premises firewall/proxy and without opening ports to your on-premises services. The Azure AD Application Proxy is part of Azure AD Premium and therefore part of the Enterprise Mobility + Security suite.

The Azure AD Application Connector

You can download the new connector here. Besides SHA2, the connector is now also supported on Windows Server 2016 and offers the following:

  • Outbound traffic is limited to port 443; ports 9350, 9352 and 5671 can now be closed
  • Support for DNS-based whitelisting to Azure on outbound firewalls
  • Better user experience with improved network connection resiliency
  • Custom updates do disappear after updates

New future ahead.


For the last nine years I was part of IT-Concern and helped the company to grow from the start to the great IT company it is nowadays. I learned so many things and was able to work at so many customers along the way! Thinking back about so many great things with a lot of gratefulness towards IT-Concern (Koos and Marco) for all the chances I got to grow and the ability to embrace the community! Thank you for so many nice chapters in those nine years!

As from the first of March I will be starting a new phase in my career and joining Coretech Global! I will be joining the Denmark organization in a global Consultant role with, of course, the focus on Enterprise Mobility and Enterprise Client Management. New great chapters will be written, new challenges will be embraced, new people will be met and of course we will keep on rocking in the Enterprise Mobility and Enterprise Client Management space! Looking forward to the next step in my career!

In this series of blogs we have looked at the architecture, at how the integration needs to be configured, and at the admin and end user experience. The next subject is how to enable support for Lookout for Work on iOS devices. (See the links to earlier blogs at the bottom of this blog.)

It’s a bit different than when using Lookout for Work for Android devices: for Android the app is available in the Google Play store, while for iOS the app is not available in the Apple App Store.


After reviewing 2016 and looking forward to 2017 I noticed today that the Kindle version of my new book Mastering System Center Configuration is available now! What a good way to start 2017! 🙂 I wrote this book together with Brett Bennet and Santos Martinez, two Premier Field Engineers of Microsoft.

The book is completely updated for Current Branch and will help you while working or implementing System Center Configuration Manager Current Branch.

Have a look and get your copy here now! 🙂

Like every year I would like to wish you and your family a healthy and successful 2017! I hope that all of your and your family’s wishes may come true. Also this year I would like to start this brand new year by looking back at the year we lived in yesterday. What a year it was!

The year 2016 was again a very good year for me, full of community, good friends and lots of fun in the Enterprise Mobility / Enterprise Client Management world. It was the year of:


It has been a while since I started this blog series about Intune and Lookout. (See the earlier blogs at the bottom of this page.)

Today I finally had time to write about the next subject in this series: the end user experience. Since I will dedicate a blog to the iOS version of the app, this blog will only be about the experience on Android devices.


Yesterday the ConfigMgr Product Group released ConfigMgr Current Branch 1610 to the fast channel. As part of this new version of ConfigMgr a new feature is released in preview.

This feature allows you to eliminate the fairly complex infrastructure needed to support Internet-based clients. This new feature is called the Cloud Management Gateway.


Due to an incident (IT85607) while moving the Conditional Access policies from “Preview phase” to “general availability” in Azure Active Directory, the Conditional Access policies in Microsoft Intune might be disabled.

Since the two are basically the same, you need to check that your Conditional Access policies are still configured correctly.

In the fourth blog about the integration of Microsoft Intune and Lookout MTP we will have a look at the administrative side of things. We will look at what we are able to configure in relation to threats, at the devices that can be managed in Lookout, and at how we need to set up compliance within Microsoft Intune.


In the next couple of days the Microsoft Intune service will be updated. During this update, new Conditional Access features (restrict access to Exchange Online to the Outlook app, Conditional Access for Windows PCs), Android for Work support and the Lookout integration for iOS will be released. Also via the new Azure Portal we are able to manage printing of corporate docs via MAM policies.

Stay tuned, the current version of Intune is: 5.0.7525.0

Source: Microsoft Intune October maintenance windows pre-release notification and https://aka.ms/intunewhatsnew

In the last two blogs we looked at the global overview and the architecture of the solution. In this blog I want to go a bit deeper and have a look at how to integrate the two services with each other.

As said, the Lookout service is currently hosted on Amazon Web Services and Microsoft Intune is hosted on Microsoft Intune.
