How to bypass the Microsoft AAD login Screen for a Federated SSO User when accessing an AAD integrated application

More organisations are integrating their SAML applications with AAD instead of ADFS to take advantage of the Azure AD Conditional Access Policy. One user experience issue with the change is that federated users (e.g. those using ADFS for single sign-on) are first redirected to the default MS AAD login page. Only after they have entered their UPN are they redirected to the ADFS page to sign in.

Many customers and end-users have asked if they can be redirected straight to the ADFS page, bypassing the MS login page, especially when migrating an existing ADFS federated application to AAD.…

MIM2016 Upgrade Hanging on Custom Action – SetPermissionEval

I was upgrading a client’s environment from FIM2010 R2 to MIM2016. During the upgrade of the Synchronization service, the installer appeared stuck. I waited for over an hour, and there was no activity and no progress update. I checked the MSI installation log and found the last activity was CustomAction = SetPermissionEval, ActionType=3073. Other than this, there were no errors or any indication of failures.
According to this TechNet article, SetPermissionEval sets access permissions (ACLs) for file folders, registry, DCOM launch/access permissions and WMI.…

Mobile Application Management (MAM)

The biggest challenge for BYOD devices is data security and leakage. A common method to enforce data protection is through Exchange ActiveSync and/or Mobile Device Management (MDM) tools such as AirWatch, Intune and others.

Both ActiveSync and MDM come with the option of device wipe and enforcing a device PIN. If the device is lost or the employee is terminated, the company could remotely wipe the device to protect its data. While device wipe is great from the company’s perspective, it is almost always met with resistance from the employees because everyone fears the company has the power to wipe their personal data such as photos and contacts from their own personal devices.…