Azure AD Connect – Multi-valued Directory Extensions

16th of September, 2016 / / No Comments

I happened to be at a customer site working on an Azure project when I was asked to cast a quick eye over an issue they had been battling with. They had an Azure AD Connect server synchronising user and group objects between their corporate Active Directory and their Azure AD, used for Office 365 services and other Azure-based applications. Their intention was to synchronise some additional attributes from their Active Directory to Azure AD so that they could be used by some of their custom built Azure applications.… [Keep reading] “Azure AD Connect – Multi-valued Directory Extensions”

Test drive Microsoft Intune – Part 2 Application Deployment

15th of September, 2016 / / No Comments

Summary

This is a continuation of blog post Test drive Microsoft Intune – Part 1 Setup Trial Environment. The purpose of this blog article is for guide someone on how to deploy an application on a Window 10 PC using Microsoft Intune.

Deploying an application with file extension .exe

Since we are using a demo account of Intune it has been pre-configured by Microsoft. We can now do customization and application deployment.
Let’s begin by clicking on Apps the left hand navigation and then clicking on the Add Apps

You will be asked to save and run a file named setup.exe.… [Keep reading] “Test drive Microsoft Intune – Part 2 Application Deployment”

Test drive Microsoft Intune – Part 1 Setup Trial Environment

12th of September, 2016 / / 1 Comment

Summary

The purpose of this blog article if for someone to get familiar with and learn how to complete a test trial of Microsoft Intune.

Prerequisites

  1. Microsoft Account – To setup Microsoft Intune demo it is recommended to establish a new Microsoft Account even if you already have an existing one. Reason being that the demo is tied to the email address and may limit you from running additional demos or production after you have completed the demo.
[Keep reading] “Test drive Microsoft Intune – Part 1 Setup Trial Environment”

Querying Skype for Business Online using UCWA and PowerShell

7th of September, 2016 / / 29 Comments

Introduction

Recently a colleague from a previous employer of mine pinged me about connecting to Skype for Business using the Unified Communications Web API (UCWA). UCWA is the REST API that comes with Skype for Business 2015 and exposes Instant Messaging and Presence capabilities. Initially UCWA was only for the OnPremise release of S4B, but this has recently been extended to Skype for Business Online.

The detail on leveraging the UCWA is all here however when it comes to actually doing it, it gets a little daunting.… [Keep reading] “Querying Skype for Business Online using UCWA and PowerShell”

Understanding Outlook Auto-Mapping

23rd of August, 2016 / / 10 Comments

Auto-mapping is an Exchange & Exchange Online feature, which automatically opens mailboxes with Full Access permissions in a delegate’s Outlook client. The setting is configurable by an Administrator when Full Access permissions are assigned for a user. Once enabled, the periodic Autodiscover requests from the Outlook client will determine which mailboxes should be mapped for a user. Any auto-mapped mailboxes with be opened by the Outlook client in a persistent state and cannot be closed by the user.… [Keep reading] “Understanding Outlook Auto-Mapping”

Exchange in Azure: NIC disabled/in error state

22nd of August, 2016 / / No Comments

I recently had the need to build my own Exchange server within Azure and connect it to my Office 365 tenant.
I loosely followed the steps in this Microsoft article: https://technet.microsoft.com/library/mt733070(v=exchg.160).aspx to get my Azure (ARM) VMs and infrastructure deployed.

I initially decided to utilise an A1 Azure VM for my Exchange server to reduce my costs, however upon successfully installing Exchange it was extremely slow and basic things like EAC and creating mailboxes would not function correctly due to the lack of resources.… [Keep reading] “Exchange in Azure: NIC disabled/in error state”

Enumerating all Users/Groups/Contacts in an Azure tenant using PowerShell and the Azure Graph API ‘odata.nextLink’ paging function

10th of August, 2016 / / 7 Comments

Recently I posted about using PowerShell and the Azure Active Directory Authentication Library to connect to Azure AD here. Whilst that post detailed performing simple tasks like updating an attribute on a user, in this post I’ll use the same method to connect to Azure AD via PowerShell but cover;

  • enumerate users, contacts or groups
  • where the number of objects is greater than the maximum results per page, get all remaining pages of results
  • limit results based on filters

The premise of my script was one that could just be executed without prompts.… [Keep reading] “Enumerating all Users/Groups/Contacts in an Azure tenant using PowerShell and the Azure Graph API ‘odata.nextLink’ paging function”

Adding/Removing User Office365 Licences using PowerShell and the Azure AD Graph RestAPI

3rd of August, 2016 / / 3 Comments

In a recent blog post here I posted about the Azure AD v2.0 Preview Powershell cmdlets that are currently in preview. These update the functionality the current MSOL cmdlets provide whilst also supporting features they don’t (such as managing users with MFA).

The Azure AD v2.0 cmdlets interface with the Azure AD Graph API and this week I tried using the Set-AzureADUserLicense cmdlet to add/remove licenses from users in a test tenant. With no sample documentation for syntax I didn’t kick any goals so I figured I’d just go straight to using the Azure AD Graph API to get the job done direct from Powershell instead.… [Keep reading] “Adding/Removing User Office365 Licences using PowerShell and the Azure AD Graph RestAPI”

Debugging an Office 365 ADFS/SSO issue when accessing Office Store in browser

1st of August, 2016 / / 2 Comments

We recently came across an issue with a customer where they had configured a standard SSO experience with Office 365 using ADFS and it was working perfectly except for a specific use case.   When a user accesses the office store via the Office 365 portal (e.g. portal.office.com/store) they got into an endless SSO login loop.  Specfically, they would see the following:

  1. Connection to Portal.Office.com
  2. Redirection to login.microsoftonline.com
  3. Redirection to adfs.customerdomain.com (automatically signed in because of WIA SSO)
  4. Redirection to login.microsftonline.com
[Keep reading] “Debugging an Office 365 ADFS/SSO issue when accessing Office Store in browser”

Modern Authentication and MAPI-HTTP

27th of July, 2016 / / No Comments

If you haven’t heard, Modern Authentication (aka ADAL), has now officially gone GA (https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/) – which means that if you are utilising Office 365 services, particularly Exchange Online, and Office 2013/2016 as your client, you should really be looking at enabling this functionality for your end users.

For those unfamiliar with Modern Auth, there are numerous benefits, but one of the most obvious for end users is it removes the need for the use of ‘save my credentials’ when signing into Exchange Online and provides a true SSO experience when combined with ADFS Federation.… [Keep reading] “Modern Authentication and MAPI-HTTP”