Categories
ADFS ADFS 3.0 Azure Azure Active Directory Azure AD AzureAD

Decommission ADFS When Moving To Azure AD Based Authentication

I am doing a number of ADFS to Azure AD based authentication projects, where authentication is moved to Password Hash Sync + SSO or Pass Through Auth + SSO. Once that part of the project is complete it is time to decommission the ADFS and WAP servers. This guide is for Windows 2012 R2 installations […]

Categories
ADFS kerberos Office 365

RC4 Kerberos and AD FS Issues

It has become common place to consider the position of the RC4 cipher in TLS connections, but this is not something that you can take from a TLS connection (HTTPS) and assume the same for Kerberos connections. If you do disable RC4 for Kerberos then there are some things to consider, especially is you have […]

Categories
ADFS ADFS Connector MFA Multi-Factor Authentication Office 365

ADFS Adapter Issues With Upgrading MFA 6.3.1 to Version 7

Upgrading the ADFS Adapter is not straight forward, though the readme notes for the upgrade make no mention of issues! To upgrade MFA Server 6.3.1 to 7 (so you can remove .NET 2 as a requirement, as that goes out of support soon) then you need to download the MFA installer to each MFA server […]

Categories
ADFS ADFS 2.0 ADFS 3.0 IAmMEC MDM Mobile Device Management Multi-Factor Authentication OD4B ODFB Office 365 OneDrive OneDrive For Business OWA for Devices

Office 365 MDM (Mobile Device Management) From A Users Perspective

The following list of steps and screenshots are taken during the enrolment process to add an iPhone and an Android phone to Office 365 once the free MDM solution that comes with Office 365 is enabled for the user. Step Details Image from iPhone Image from Android 1. Once your IT Administrator enables MDM for […]

Categories
ADFS app password Azure IAmMEC MFA multi-factor auth Multi-Factor Authentication Office 365

How To Change Your Office 365 App Password

If you are enabled for Multi-Factor Authentication (MFA) in Office 365 then you will need an App Password for some applications that do not support MFA. The user interface for creating a new App Password is well hidden in Office 365 (its not on the Password page for example). Post updated in 2016 to take […]

Categories
2013 activesync ADFS ADFS 3.0 exchange online https Office 365 Outlook OWA for Devices Web Application Proxy

Continuing Adventures in AD FS Claims Rules

Updated 20th April 2017 There is an excellent article at http://blogs.technet.com/b/askds/archive/2012/06/26/an-adfs-claims-rules-adventure.aspx which discusses the use of Claims Rules in AD FS to limit some of the functionality of Office 365 to specific network locations, such as being only allowed to use Outlook when on the company LAN or VPN or to selected groups of users. […]

Categories
2012 R2 2013 ADFS ADFS 3.0 Office 365

Intermittent Error 8004789A with AD FS and WAP 3.0 (Windows Server 2012 R2)

This error appears when you attempt to authenticate with Office 365 using AD FS 3.0 – but only sometimes, and often it was working fine and then it starts! I’ve found this error is due to two things, though there are other reasons. The full list of issues is at http://blogs.technet.com/b/applicationproxyblog/archive/2014/05/28/understanding-and-fixing-proxy-trust-ctl-issues-with-ad-fs-2012-r2-and-web-application-proxy.aspx. I found that this […]

Categories
2012 2012 R2 ADFS ADFS 3.0 certificates IAmMEC Office 365 WAP Web Application Proxy

Changing AD FS 3.0 Certificates

I am quite adept at configuring certificates and changing them around, but this one took me completely by surprise as it has a bunch of oddities to consider. First the errors: Web Application Proxy (WAP) reported 0x80075213. In the event log the following: The federation server proxy could not establish a trust with the Federation […]

Categories
2010 2013 64 bit aadrm ADFS ADFS 2.0 DLP DNS exchange exchange online https hybrid IAmMEC load balancer loadbalancer mcm mcsm MVP Office 365 powershell rms sharepoint warm

Configuring Exchange On-Premises to Use Azure Rights Management

This article is the fifth in a series of posts looking at Microsoft’s new Rights Management product set. In an earlier previous post we looked at turning on the feature in Office 365 and in this post we will look at enabling on-premises Exchange Servers to use this cloud based RMS server. This means your […]

Categories
2010 ADFS ADFS 2.0 certificates exchange exchange online federation Office 365 organization relationships owa powershell

OWA and Moving Mailboxes to Office 365

Lets imagine a scenario where you are using an on-premises Exchange Server and users’ use Outlook Web App, and then you move some mailboxes to the Office 365 cloud with Hybrid Coexistence enabled. The user might not know their mailbox has been moved and so yesterday they went to https://mail.company.com/owa, but today they need to visit […]

Categories
2010 2013 64 bit active directory ADFS ADFS 2.0 certificates exchange exchange online https isa mcm microsoft Office 365 pki tmg

Publishing ADFS Through ISA or TMG Server

To enable single sign-on in Office 365 and a variety of other applications you need to provide a federated authentication system. Microsoft’s free server software for this is currently Active Directory Federation Server 2.0 (ADFS), which is downloaded from Microsoft’s website. ADFS is installed on a server within your organisation, and a trust (utilising trusted […]

Categories
2007 2010 2013 ADFS ADFS 2.0 certificates exchange exchange online https hybrid IAmMEC ISA Server 2006 mcm Office 365 SSL tmg

Changing ADFS 2.0 Endpoint URL for Office 365

If you are configuring single sign-on for Office 365 then you will need a server running Active Directory Federation Services 2.0 (ADFS 2.0). When you install this you are asked for a URL that acts as an endpoint for the ADFS service, which if you are publishing that endpoint through a firewall such as TMG […]