Decommission ADFS When Moving To Azure AD Based Authentication

I am doing a number of ADFS to Azure AD based authentication projects, where authentication is moved to Password Hash Sync + SSO or Pass Through Auth + SSO. Once that part of the project is complete it is time to decommission the ADFS and WAP servers. This guide is for Windows 2012 R2 installations…

Configuring Sync and Writeback Permissions in Active Directory for Azure Active Directory Sync

[Last updated 11th November 2019 – added support for Exchange Server automapping support, which was announced during Microsoft Ignite 2019 and will be supported in the first half of calendar year 2020. This is supported by adding writeback for msExchDelegateListBL and msExchDelegateListLink attributes. The below Exchange Hybrid writeback script has been updated to support these…

Office 365 MDM (Mobile Device Management) From A Users Perspective

The following list of steps and screenshots are taken during the enrolment process to add an iPhone and an Android phone to Office 365 once the free MDM solution that comes with Office 365 is enabled for the user. Step Details Image from iPhone Image from Android 1. Once your IT Administrator enables MDM for…

Continuing Adventures in AD FS Claims Rules

Updated 20th April 2017. There is an excellent article at http://blogs.technet.com/b/askds/archive/2012/06/26/an-adfs-claims-rules-adventure.aspx which discusses the use of Claims Rules in AD FS to limit some of the functionality of Office 365 to specific network locations, such as being only allowed to use Outlook when on the company LAN or VPN or to selected groups of users.…

Intermittent Error 8004789A with AD FS and WAP 3.0 (Windows Server 2012 R2)

This error appears when you attempt to authenticate with Office 365 using AD FS 3.0 – but only sometimes, and often it was working fine and then it starts! I’ve found this error is due to two things, though there are other reasons. The full list of issues is at http://blogs.technet.com/b/applicationproxyblog/archive/2014/05/28/understanding-and-fixing-proxy-trust-ctl-issues-with-ad-fs-2012-r2-and-web-application-proxy.aspx. I found that this…

Changing AD FS 3.0 Certificates

I am quite adept at configuring certificates and changing them around, but this one took me completely by surprise as it has a bunch of oddities to consider. First the errors: Web Application Proxy (WAP) reported 0x80075213. In the event log the following: The federation server proxy could not establish a trust with the Federation…