Azure AD Single Sign-On Basic Auth Popup

When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018… Continue reading Azure AD Single Sign-On Basic Auth Popup

Configuring Hybrid Device Join On Active Directory with SSO

The instructions from Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup are missing some of the steps on setting up hybrid device join to Azure AD. This is a complete list of steps when Pass-Thru auth with SSO is enabled on the domain. Enable SSO – this is covered elsewhere. You can also do hybrid device join on a federated… Continue reading Configuring Hybrid Device Join On Active Directory with SSO

Azure AD SSO and Disabled Computer Accounts

When you set up Azure AD SSO, the Azure AD Connect application creates a computer account called AZUREADSSOACC. Do not disable this account, or SSO stops working. I’ve had a few clients in the past week disable this when generally disabling all the computer accounts that have not logged in for X days. Therefore if… Continue reading Azure AD SSO and Disabled Computer Accounts

AADConnect Password Reset Date Sync Issues

Got this error the other day at a client and found nothing listed on Internet search for it, which of course means only I have this issue! But even so, lets get to see what it means and how to fix it. The error turned up in the AADConnect tool and it reported sync-generic-failure on… Continue reading AADConnect Password Reset Date Sync Issues