The Issue We recently had an issue where we tried to use the Conditional Access setting and only granting Terms of Use for an Android Device Enrollment. The Investigation What happens now is as described in our docs article Terms of use - Azure Active Directory | Microsoft Docs - The authenticator app installs... Why … Continue reading Intune – “Conditional Access, Terms of Use and The Company Portal”
Category: Identity
Azure AD Connect | Verify password sync for single user
I recently received a query from a customer asking if there was a way to determine when last a user’s password was synchronized. Upon receiving further details, it became clear that they suspected an issue with password synchronization for a specific user. There is an easy way to verify password synchronization for a single user.
Roll over Kerberos decryption key for Seamless SSO computer account
Updating the Kerberos decryption key for the Azure AD SSO computer account is a fairly simple process. In this blog post I walk through the steps to perform an update of the Kerberos decryption key.
How to reset the Directory Service Restore Mode (DSRM) password
The Directory Services Restore Mode (DSRM) password is first set when promoting a new Domain Controller. I have encountered many Active Directory environments where the DSRM password for the Domain Controllers is not known or safely stored for retrieval when needed. In this article I revisit the options to reset the DSRM password.
Azure AD Alternate Login ID – Use your e-mail address (preview).
Introduction For logging into office 365 services, and you are syncing your users from on premises AD via Azure AD Connect, Microsoft has always recommended changing your users UPNs to match their e-mail address. 2 of the main reasons for this are: You can not use non routable domains in Azure AD. So domain.local will … Continue reading Azure AD Alternate Login ID – Use your e-mail address (preview).
Understanding Microsoft Security Baselines and Applying Them – Part 2
Importing the Security Baselines into AD easily The easiest method of importing all the settings into AD is a script that is included with the baselines, its stored beneath the Scripts folder named "Baseline-ADImport.ps1". Baseline-ADImport.ps1 Imported GPO's in AD In the image above you can see everything that is imported with the Security Baseline for … Continue reading Understanding Microsoft Security Baselines and Applying Them – Part 2
Enable Remote Work for Organizations – Interview with Microsoft Services Expertise
This is 16 Minutes interview with Microsoft Services Expertise discussing How Microsoft Enable Remote Work for Organization using Windows Virtual Desktop.
Field Notes: Azure MFA and SSPR combined registration now Generally Available
As organizations are asking employees to work from home to slow the spread of COVID-19, it’s even more important that users are registered for MFA and SSPR. We want to make it easier for remote workers to keep their accounts secure.
Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments
This is a continuation of a series on Azure AD Connect. The second blog post of the series covered a custom installation. One of the optional features I promised to cover then was password writeback, which I discuss in this blog post as part of enabling the self-service password reset (SSPR) feature in a hybrid … Continue reading Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments
Active Directory Based Activation (ADBA) Fails with Error: 0x8007202B
Introduction I was working with a customer recently who could not get clients or servers at a new remote site to activate using Active Directory Based Activation (ADBA). They were getting event ID 8214 as in the image below. Notice in the above where I bold the computer name Client1.Child1.Contoso.local. This means that Client1 is … Continue reading Active Directory Based Activation (ADBA) Fails with Error: 0x8007202B
You must be logged in to post a comment.