Improving Password Security In the Cloud and On-Premises

Passwords are well known to be generally insecure the way users create them. They don’t like “complex” passwords such as p9Y8Li!uk%al and so if they are forced to create a “complex” password due to a policy in say Active Directory, or because their password has expired and they need to generate a new one, they… Continue reading Improving Password Security In the Cloud and On-Premises

Azure AD Single Sign-On Basic Auth Popup

When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018… Continue reading Azure AD Single Sign-On Basic Auth Popup

Configuring Hybrid Device Join On Active Directory with SSO

The instructions from Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup are missing some of the steps on setting up hybrid device join to Azure AD. This is a complete list of steps when Pass-Thru auth with SSO is enabled on the domain. Enable SSO – this is covered elsewhere. You can also do hybrid device join on a federated… Continue reading Configuring Hybrid Device Join On Active Directory with SSO

Azure AD SSO and Disabled Computer Accounts

When you set up Azure AD SSO, the Azure AD Connect application creates a computer account called AZUREADSSOACC. Do not disable this account, or SSO stops working. I’ve had a few clients in the past week disable this when generally disabling all the computer accounts that have not logged in for X days. Therefore if… Continue reading Azure AD SSO and Disabled Computer Accounts

AADConnect Password Reset Date Sync Issues

Got this error the other day at a client and found nothing listed on Internet search for it, which of course means only I have this issue! But even so, lets get to see what it means and how to fix it. The error turned up in the AADConnect tool and it reported sync-generic-failure on… Continue reading AADConnect Password Reset Date Sync Issues

Azure MFA 503 Error When Authenticating

If you have installed version 7 of Azure MFA Server on-premises (7.0.0.9 or 7.0.2.1 at the time of writing) and have enabled IIS authentication with Forms Based authentication and the Native App, but when you need to authenticate you are presented with a 503 DLL error. The reason for this is that version 7 removed… Continue reading Azure MFA 503 Error When Authenticating

Upgrading Azure Multi-Factor Authentication Server

A new version of Azure MFA Server was released at the end of March 2016, version 7.0.0.9. This provides an in place upgrade to the previous version 6.3.1.1. This version is based on .NET 4.5 and not .NET 2.0, which is the big change in the product, along with new end user functionality in the… Continue reading Upgrading Azure Multi-Factor Authentication Server

Password Writeback Errors

I had been struggling with password writeback testing and was coming across the following set of errors, and found that searching for them uncovered nothing online. So I wrote this blog to remind me and help you solve these issues. These errors are all visible in the Application log of the Event Viewer. User Restrictions… Continue reading Password Writeback Errors

Configuring Sync and Writeback Permissions in Active Directory for Azure Active Directory Sync

[Last updated 9th November 2022 – note that Microsoft now include this functionality in their own product as written at https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-adsyncconfig#set-adsyncexchangehybridpermissions] [Last updated 11th November 2019 – added support for Exchange Server automapping support, which was announced during Microsoft Ignite 2019 and will be supported in the first half of calendar year 2020. This is… Continue reading Configuring Sync and Writeback Permissions in Active Directory for Azure Active Directory Sync