All posts in Azure

Microsoft released a new version of the Azure Active Directory Application Proxy connector. This updated version now uses SHA2 for signing. Until now only SHA1 signing was used, but SHA1 is deprecated since it is no longer considered secure. Be sure to update to the latest version if you are using the Azure AD Application Proxy Connector.

If you do not know what the Azure AD Application Proxy is all about, see the figure below. With the Azure AD Application Proxy you are able to publish internal resources in a secure way via the proxy without needing to publish the resources via an on-premises firewall/proxy and without needing to open ports to your services on premises. The Azure AD Application Proxy is part of Azure AD Premium and therefore part of the Enterprise Mobility + Security suite.

The Azure AD Application Connector

You can download the new connector here. Besides SHA2, the connector is now also supported on Windows Server 2016 and offers the following:

  • Outbound traffic is limited to port 443; ports 9350, 9352 and 5671 can now be closed
  • Support for DNS-based whitelisting to Azure on outbound firewalls
  • Better user experience with improved network connection resiliency
  • Custom updates do disappear after updates

Due to an incident (IT85607) while moving the Conditional Access policies from “Preview phase” to “general availability” in Azure Active Directory, the Conditional Access policies in Microsoft Intune might be disabled.

Since the two are basically the same, you need to check that your Conditional Access policies are still configured correctly. Read more

Microsoft has added support for Microsoft Passport for Work as an alternative sign-in method for Windows 10 users.

If users of a Windows 10 device use Active Directory or Azure Active Directory to authenticate, the password, smart card or virtual smart card can be replaced by Microsoft Passport. As an Intune admin you are able to configure how Microsoft Passport is going to behave. Let’s have a look!

Read more

Earlier this month Microsoft announced the new Microsoft Intune functionality that has been released earlier this week. One of the new features is the ability to manage Mobile Application Management (MAM) policies from the new Azure Portal.

With the MAM policies you are able to prevent data leakage from the corporate apps that are managed, but for now only for apps that are managed without being enrolled into Microsoft Intune. The MAM policies / Intune node in the Azure portal are currently in preview.

A quick sneak preview.

Read more

After a full, interesting, awesome and very busy MVP Summit in Seattle this year I flew with many other MVPs to Minneapolis for the Midwest Management Summit. The Midwest Management Summit is organized by the Minnesota System Center User Group with the help of many volunteers, in other words a real community event!

And what a nice event it is! Like last year it is very laid back, and after a session is done there is no rush to make place for the following speaker; no, the attendees have the option to have a Q&A for 45 minutes.

Read more

In my blog of a couple of weeks ago I wrote to you that ConfigMgr is alive and kicking and ready for the future, and so it is! The first week of November we were invited as Enterprise Mobility MVPs to the MVP Summit to attend 4,5 days full of System Center Configuration Manager and Microsoft Intune content.

Unfortunately for you most of it was NDA and we are not allowed to talk about it. Except for one part: we were able to be part of a real hackathon with the Configuration Manager product group!

Read more

As part of book writing I used Azure Active Directory Connect to set up Directory Sync, ADFS and ADFS Proxy in a lab environment. While configuring I saw something helpful which I wanted to share with you. If I wanted to initiate a sync with the good old DirSync I always ran the Configuration Wizard again, since the last step of the wizard was initiating a sync. Always fun with remembering the accounts and passwords. 😉

With Azure Active Directory a scheduled task is configured to run every 3 hours after the initial configuration. This means that you are able to start the task manually to initiate a sync. This may save you some time waiting for objects to be synchronized to Azure Active Directory.


AAD Sync Scheduled Task



In an earlier blog I showed you that Azure Active Directory Connect is the successor of DirSync and AADSync, both are still supported but will be replaced in the future. So while being in the process of preparing my Microsoft Enterprise Mobility Suite session at BriForum this month I wanted to upgrade to the latest and greatest. So how do we upgrade DirSync to AAD Connect?

Let’s have a look; the Product Group made it so easy that it is almost Next, Next, Finish. 🙂

Read more

When setting up an Enterprise Mobility Suite (EMS) environment and you want to use your own Active Directory domain, you definitely need to set up synchronization services with Azure AD. Where we needed to set up DirSync in the past, we now need to install and configure the successor Azure AD Sync or the Azure AD Connect synchronization service. You can do this by downloading this tool or by downloading Microsoft Azure Active Directory Connect, which is still in preview but does a really great job in simplifying the setup process. Let’s have a look.

Read more