All posts tagged AD FS

ca-logoAfter the last blog about conditional access of Outlook Web App and SharePoint Online is forcing that the Managed Browser is used when accessing the service. This last part can be done via Active Directory Federation Service (AD FS). With AD FS you are able to allow or block access based on attributes of the client that is trying to authenticate.

As part of the March update of the Managed Browser the Managed Browser is identifiable as ManagedBrowser via the UserAgent, before March the Managed Browser had a generic UserAgent.

Read more

adfs02According to the Intune alerts you may run into issues when using Windows Phone 8.1, Microsoft Intune together with ADFS for device registration and authentication on your own Active Directory domain instead of directly in Azure Active Directory. Let’s have a look.

If you use  ADFS for on-premises device registration you may have configured a setting called DeviceAuthenticationEnabled to be enabled in the ADFS global authentication policy. Because of this setting users with a Windows Phone cannot authenticate while accessing the Company Portal. Users will be redirected to the Sign In button on the Windows Phone every time you supply your UPN. The redirection to the AD FS logon screen will not happen.

Read more