Categories
app password ATP Authentication Azure Azure Active Directory Azure AD Azure Information Protection AzureAD conditional access EM+S email enterprise mobility + security management mcm mcsm MFA microsoft modern authentication multi-factor auth Multi-Factor Authentication sspr

MFA and End User Impacts

This article will look at the various different MFA settings found in Azure AD (which controls MFA for Office 365 and other SaaS services) and how those decisions impact users. There is lots on the internet on enabling MFA, and lots on what that looks like for the user – but nothing I could see […]

Categories
ADFS ADFS 3.0 Azure Azure Active Directory Azure AD AzureAD

Decommission ADFS When Moving To Azure AD Based Authentication

I am doing a number of ADFS to Azure AD based authentication projects, where authentication is moved to Password Hash Sync + SSO or Pass Through Auth + SSO. Once that part of the project is complete it is time to decommission the ADFS and WAP servers. This guide is for Windows 2012 R2 installations […]

Categories
Azure Azure Information Protection cloud firewall Office 365 proxy SSL

SSL Inspection and Office 365

Lots of cloud endpoint URLs break service flow if you enable SSL Inspection on the network devices between your client and the service. My most recent example of this is Enterprise State Routing in Windows 10. Microsoft have a list of URLs for the endpoints to their service, where they are categorised as Default, Allow or […]

Categories
Azure Defender malware

Installing and Updating Microsoft AntiMalware in Azure

The Microsoft AntiMalware agent is a virtual machine extension in Azure that adds support for built-in antimalware management within your virtual machines hosted in Azure. The agent can be added easily when you are creating a new VM, which we will show first below using the resource manager model, but also can be added […]

Categories
Azure Azure Active Directory MFA Multi-Factor Authentication Office 365

Azure MFA 503 Error When Authenticating

If you have installed version 7 of Azure MFA Server on-premises (7.0.0.9 or 7.0.2.1 at the time of writing) and have enabled IIS authentication with Forms Based authentication and the Native App, then when you need to authenticate you are presented with a 503 DLL error. The reason for this is that version 7 removed […]

Categories
Azure Azure Active Directory MFA Multi-Factor Authentication Office 365

Upgrading Azure Multi-Factor Authentication Server

A new version of Azure MFA Server was released at the end of March 2016, version 7.0.0.9. This provides an in place upgrade to the previous version 6.3.1.1. This version is based on .NET 4.5 and not .NET 2.0, which is the big change in the product, along with new end user functionality in the […]

Categories
Azure MFA multi-factor auth Multi-Factor Authentication Office 365

Installing Azure Multi-Factor Authentication and ADFS

I have a requirement to ensure that Office 365 users external to the network of one of my clients need a second factor of authentication when accessing Office 365 resources from outside the corporate network. The free Multi-Factor Authentication (MFA) feature of Office 365 will not distinguish between network locations so we need to enable […]

Categories
Azure ExpressRoute VNet

Configuring ExpressRoute With NRP Errors

I had a scenario where when I ran Get-AzureRmExpressRouteServiceProvider in a new Azure tenant I would get the following error in PowerShell.

Get-AzureRmExpressRouteServiceProvider : Subscription a4ca03ea-42e4-4a18-a50f-79bcc53907e4 is not registered with NRP.
At line:1 char:1
+ Get-AzureRmExpressRouteServiceProvider
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Get-AzureRmExpressRouteServiceProvider], CloudException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.GetAzureExpressRouteServiceProviderCommand

This is one of the required cmdlets in configuring […]

Categories
Azure Azure Active Directory Group Policy IAmMEC Office 365 password

Password Writeback Errors

I had been struggling with password writeback testing and was coming across the following set of errors, and found that searching for them uncovered nothing online. So I wrote this blog to remind me and help you solve these issues. These errors are all visible in the Application log of the Event Viewer. User Restrictions […]

Categories
2008 2008 R2 2012 2012 R2 active directory ADFS 3.0 Azure Azure Active Directory cloud exchange exchange online groups hybrid IAmMEC Office 365 WAP Web Application Proxy windows

Configuring Sync and Writeback Permissions in Active Directory for Azure Active Directory Sync

[Last updated 11th November 2019 – added support for Exchange Server automapping support, which was announced during Microsoft Ignite 2019 and will be supported in the first half of calendar year 2020. This is supported by adding writeback for msExchDelegateListBL and msExchDelegateListLink attributes. The below Exchange Hybrid writeback script has been updated to support these […]

Categories
Azure cloud exchange exchange online groups IAmMEC mcm mcsm MVP Office 365 owa powershell

Managing Office 365 Groups With Remote PowerShell

Announced during Microsoft Ignite 2015, there are now PowerShell administration cmdlets available for the administration of the Groups feature in Office 365. The cmdlets are all based around “UnifiedGroup”, for example Get-UnifiedGroup. Create a Group: Use New-UnifiedGroup to do this. An example would be New-UnifiedGroup -DisplayName "Sales" -Alias sales -EmailAddress sales@contoso.com The use of the […]

Categories
ADFS app password Azure IAmMEC MFA multi-factor auth Multi-Factor Authentication Office 365

How To Change Your Office 365 App Password

If you are enabled for Multi-Factor Authentication (MFA) in Office 365 then you will need an App Password for some applications that do not support MFA. The user interface for creating a new App Password is well hidden in Office 365 (it's not on the Password page for example). Post updated in 2016 to take […]

Categories
2010 2013 Azure exchange IAmMEC MFA MVP owa smartphone

Exchange OWA and Multi-Factor Authentication

This article is now out of date. Multi-factor authentication (MFA), that is the need to have a username, password and something else to pass authentication, is possible with on-premises servers using a service from Windows Azure and the Multi-Factor Authentication Server (an on-premises piece of software). The Multi-Factor Authentication Server intercepts login requests to OWA, […]

Categories
Azure MFA multi-factor auth password phone factor policy pptp remote desktop rras sdk vpn

Windows RRAS VPN and Multi Factor Authentication

This blog post covers the steps to add Multi Factor Authentication (MFA) to Windows RRAS server. Once this is enabled, and you sign in with a user enabled for MFA in Azure Multi-Factor Authentication Server (an on-premises server) you are required to answer your phone before you can connect over the VPN. That is, you […]

Categories
2008 R2 2012 2012 R2 2013 Azure cloud dirsync exchange exchange online Office 365

Creating Mailboxes in Office 365 When Using DirSync

This blog post describes the process to create a new user in Active Directory on-premises when email is held in Office 365 and DirSync is in use. With DirSync in use the editable copy of the user object is on-premises and most attributes cannot be modified in the cloud. Creating the User Open Active Directory […]

Categories
2010 2013 Azure cloud DNS exchange exchange online hyper-v IAmMEC Office 365 vhd vm vpn

An “Inexpensive” Exchange Lab In Azure

This blog post centres around two scripts that can be used to quickly provision an Exchange Server lab in Azure and then to remove it again. The reason why the blog post is titled “inexpensive” is that Azure charges compute hours even if the virtual machines are shut down. Therefore to make my Exchange lab […]