Tag: Azure AD
-
Enabling on-premises MFA in AAD : when it just doesn’t work…
When you want to enable MultiFactorAuthentication (MFA) for Azure / Intune / Office 365 / Dynamics 365 and you are using federated logins and want to have the MFA provider to be on-premises (integrated with ADFS/PingFed/other) integrated.. you might run into an issue where the Azure MFA page keeps popping-up and asking you to register…
-
UPN Change of user not updated in AAD (O365/Intune/other)
When you want to change the user UPN, in certain conditions, this UPN change will not be synchronized to AAD (Office365/Intune/other).. why? When you have federated domains for Office 365, or rather AAD in general and you want to switch your users from one domain to another, you will notice that that object will replicate…
-
Selective password synchronization with AAD-Connect
In my previous post, I talked about the possibility of using Kerberos Constraint Delegation to avoid having passwords in AAD. However, sometime you want to have a few passwords in AAD-Domain Services to ensure that administrators can still login to the VM’s interactively (RDP) or users are able to use certain services that are not…
-
AAD-DS + KCD-PT + Federation (or how to avoid passwords on the cloud)
New (and only available within Azure) are the Azure Active Directory Domain Services. This service is based on Azure Active Directory and the data replicated into it. It provides Domain Services as a service to subscription administrators and can be very useful for many scenario’s where domain services are required, but security or management of…
-
ADFS on Azure
Azure Active Directory and thus any relying party on that service (such as Office 365) has two different modes for (your) custom domains that are added to it. Managed and Federated. Managed means that the authentication happens against the Azure Active Directory. The password (-hashes) of the user accounts are in Azure AD and no…