With the Active Directory Recycle Bin enabled, deleted Active Directory objects can be easily recovered. The deleted items can be recovered for as long as the Active Directory tombstone lifetime. Based on default configuration this should be 180 days. I recently received a request from a customer to know how they can permanently delete user … Continue reading Permanently delete objects from the Active Directory Recycle Bin
Tag: Identity
MIM Portal & Application Context Authentication
The intention of this write-up is that you are modifying MIM Portal to switch email notifications to use the Application Context Authentication method as opposed to an SMTP relay or other method that uses a log on name and password. Basic Authentication will be deprecated somewhere around October 2022. A Modern Authentication needs to be … Continue reading MIM Portal & Application Context Authentication
Flowing gMSA accounts into MIM Portal
The purpose for this document is to guide someone through adding Group Managed Service Accounts (gMSA) into the MIM Portal. At my customer, we have started utilizing gMSA’s more and more as opposed to regular service accounts. With increased usage this means that gMSA’s are showing up as members of various Security Groups. Anyone who … Continue reading Flowing gMSA accounts into MIM Portal
Accessing MIM Portal with Azure AD App Proxy
Enabling MIM Portal to work with Azure AD App Proxy is not new. There are certainly numerous articles out on the Internet that talk about the topic. At the same time, MIM Portal on App Proxy is not as easy to configure as other web-based applications are. My reasons for documenting this was to solve … Continue reading Accessing MIM Portal with Azure AD App Proxy
Intune – “Conditional Access, Terms of Use and The Company Portal”
The Issue We recently had an issue where we tried to use the Conditional Access setting and only granting Terms of Use for an Android Device Enrollment. The Investigation What happens now is as described in our docs article Terms of use - Azure Active Directory | Microsoft Docs - The authenticator app installs... Why … Continue reading Intune – “Conditional Access, Terms of Use and The Company Portal”
Field Notes: Azure MFA and SSPR combined registration now Generally Available
As organizations are asking employees to work from home to slow the spread of COVID-19, it’s even more important that users are registered for MFA and SSPR. We want to make it easier for remote workers to keep their accounts secure.
Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments
This is a continuation of a series on Azure AD Connect. The second blog post of the series covered a custom installation. One of the optional features I promised to cover then was password writeback, which I discuss in this blog post as part of enabling the self-service password reset (SSPR) feature in a hybrid … Continue reading Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments
Field Notes: Azure AD Connect – Migrating from AD FS to Password Hash Synchronization
This is a continuation of a series on Azure AD Connect. I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization (PHS) sign-in option is selected by default. This was followed by the custom installation path where I selected pass-through authentication (PTA) as a user … Continue reading Field Notes: Azure AD Connect – Migrating from AD FS to Password Hash Synchronization
Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server
This is a continuation of a series on Azure AD Connect. In this blog post, I cover a specific case where an export to Azure AD fails due to stale Internet proxy settings configured on the server running Azure AD Connect. I go through various tools, some of which we have covered in our previous … Continue reading Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server
Field Notes: Azure AD Connect – Attribute-based Filtering
This is a continuation of a series on Azure AD Connect. I recently covered using domain/OU and group filtering options that are available in Azure AD Connect to help control which objects are synchronized to Azure AD. I also took a closer look in group filtering, which is not recommended for use in production. Another … Continue reading Field Notes: Azure AD Connect – Attribute-based Filtering
You must be logged in to post a comment.