Goodbye Set-MsolUser, Hello Set-AzureADUser & Azure Graph API

Update: April 13 2017. See this post for adapting to changes in the AzureAD PowerShell Module Helper Libraries.

Recently Microsoft released the preview of the v2.0 Azure AD PowerShell cmdlets. https://azure.microsoft.com/en-us/updates/azure-ad-new-powershell-cmdlets-preview/

I’ve got a project coming up where I’m looking to change my approach to managing users in Azure with Microsoft Identity Manager. Good timing to do a quick proof of concept: manage users with the new cmdlets and directly through the Graph API, in preparation for moving away from the MSOnline (msol) cmdlets.…
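The three approaches the post contrasts, side by side, as an added example that is not code from the original post. The same two attributes are written with the legacy MSOnline cmdlet, with the v2.0 AzureAD cmdlet, and with a raw PATCH against the Azure AD Graph API (the `graph.windows.net` endpoint, API version 1.6). The tenant ID, user principal name, application ID and the requirement that the app holds the `Directory.ReadWrite.All` application permission are assumptions for illustration.

```powershell
# Added example, not from the original post. Tenant ID, UPN and application ID
# are placeholders; the app registration must hold Directory.ReadWrite.All.
$tenantId = '00000000-0000-0000-0000-000000000000'   # placeholder
$upn      = 'jane.doe@contoso.onmicrosoft.com'       # placeholder user

# 1. Legacy MSOnline module (the approach being retired)
Connect-MsolService
Set-MsolUser -UserPrincipalName $upn -Department 'Identity' -UsageLocation 'AU'

# 2. AzureAD v2.0 module: -ObjectId accepts either the object GUID or the UPN
Connect-AzureAD
Set-AzureADUser -ObjectId $upn -Department 'Identity' -UsageLocation 'AU'
Get-AzureADUser -ObjectId $upn |
    Select-Object UserPrincipalName, Department, UsageLocation

# 3. Azure AD Graph API directly, with an app-only (client credentials) token.
#    The secret is read interactively so it never sits in the script.
$appId  = '11111111-1111-1111-1111-111111111111'   # placeholder
$secure = Read-Host -Prompt 'Client secret' -AsSecureString
$secret = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure))

$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $appId
        client_secret = $secret
        resource      = 'https://graph.windows.net'
    }

$headers = @{ Authorization = "Bearer $($token.access_token)" }
# ${upn} is braced because '?' is a legal character in PowerShell variable names
$uri = "https://graph.windows.net/$tenantId/users/${upn}?api-version=1.6"

# PATCH carries only the properties being changed, as JSON
$body = @{ department = 'Identity'; usageLocation = 'AU' } | ConvertTo-Json
Invoke-RestMethod -Method Patch -Uri $uri -Headers $headers `
    -ContentType 'application/json' -Body $body

# Read the object back to confirm the write landed
Invoke-RestMethod -Method Get -Uri $uri -Headers $headers |
    Select-Object userPrincipalName, department, usageLocation
```

The Graph path is the one worth understanding for an MIM integration: it needs no module on the sync server, only an HTTPS client and a token, and the application permission it uses is scoped to the app registration rather than to an administrator's account.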

Exception from HRESULT 0x80230729 creating a new FIM/MIM Management Agent

Another day, another piece of FIM/MIM experimentation. I had built a fresh MIM 2016 environment in Azure to test a few scenarios out. That all went quick and seamlessly thanks to some great templates and a few scripts. Until I came to create the management agent (the purpose of today’s experimentation).

It didn’t matter whether I tried to create a new Management Agent or import one: I just got “Exception from HRESULT 0x80230729”. The common element was that the Management Agent I was creating was based on a third-party MA built on Microsoft’s Extensible Connectivity Management Agent (ECMA).…

The new Azure AD Connect built in user filter: adminDescription.

tl;dr

Really? I need to shorten an already short post? Well, you’re welcome, Generation-Y.

  • New Azure AD Connect user filter
  • Implemented as an inbound rule
  • Leverages the ADDS attribute adminDescription
  • Set a value prefixed User_ (for users) or Group_ (for groups) to filter that object out of synchronisation
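The filter in use, as an added example that is not code from the original post: tag one user and one group for exclusion, audit what is currently excluded, and catch the mistake of applying the wrong prefix to an object class. The account and group names are placeholders, and the check for mismatched prefixes assumes the inbound rules scope on `User_` for user objects and `Group_` for group objects, as the tl;dr above describes.

```powershell
# Added example, not from the original post. Names are placeholders.
Import-Module ActiveDirectory

# Exclude one user and one group. Only the prefix matters to the sync rule;
# the text after it is free-form and a good place to record the reason.
Set-ADUser  -Identity 'svc-backup' `
    -Replace @{ adminDescription = 'User_NoO365Sync - on-prem service account' }
Set-ADGroup -Identity 'Legacy-Print-Ops' `
    -Replace @{ adminDescription = 'Group_NoO365Sync - local-only group' }

# Re-include an object later by clearing the attribute:
# Set-ADUser -Identity 'svc-backup' -Clear adminDescription

# Audit: everything currently carrying an exclusion prefix. Because this is an
# inbound scoping filter, these objects are dropped from the metaverse on the
# next sync cycle (and so deleted from Azure AD if they had been synchronised).
Get-ADObject -LDAPFilter '(|(adminDescription=User_*)(adminDescription=Group_*))' `
    -Properties adminDescription |
    Select-Object Name, ObjectClass, adminDescription |
    Format-Table -AutoSize

# Defensive check (assumption: the user rule keys on User_ and the group rule
# on Group_). A user tagged Group_*, or a group tagged User_*, is not filtered
# and silently keeps synchronising. objectCategory=person excludes computers,
# which are also objectClass=user in ADDS.
Get-ADObject -LDAPFilter '(&(objectCategory=person)(objectClass=user)(adminDescription=Group_*))' `
    -Properties adminDescription |
    ForEach-Object { Write-Warning "User $($_.Name) has a Group_ prefix and will still sync" }
Get-ADObject -LDAPFilter '(&(objectClass=group)(adminDescription=User_*))' `
    -Properties adminDescription |
    ForEach-Object { Write-Warning "Group $($_.Name) has a User_ prefix and will still sync" }
```

The change is picked up on the next scheduled delta import; to apply it immediately run `Start-ADSyncSyncCycle -PolicyType Delta` on the Azure AD Connect server.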

***

Azure AD Connect, like previous versions of the directory synchronisation tool, is able to filter the users, groups and contacts that are synchronised to Azure AD / Office 365 through a number of methods. The Microsoft Azure documentation page:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-configure-filtering/


Accelerating Azure Multi Factor Authentication in Enterprise Organisation

At Kloud we get incredible opportunities to partner with organisations who are global leaders in their particular industry.

Recently we were asked to accelerate the rollout of Azure Multi-Factor Authentication for Office 365 users in the cloud across an enterprise organisation.

This post is not so much about the technical implementation (Microsoft provides an incredible amount of documentation covering that) but about what we discovered while rolling the technology out across the organisation.…

Managing SPO User Profiles with FIM/MIM and the Microsoft PowerShell Connector

Back in March, my colleague Darren Robinson published this post which nicely explains how to use Søren Granfeldt’s FIM/MIM PowerShell MA to manage SharePoint Online profiles. While Darren’s post covers everything you need to connect to SPO and manage user profiles via FIM/MIM, some of your clients may prefer to use the Microsoft equivalent for reasons of perceived support and product quality. This post will cover off what is required to get the Connector up and running.…

PowerShell Status Reporting on AAD Connect

Recently, I had a customer request the ability to quickly report on the status of two AAD Connect servers.

Since these two servers operate independently, it is up to the administrator to ensure the servers are healthy and they are operating in the correct configuration modes with respect to each other.

Typically, if you’re going to spend money operating two AAD Connect servers, it makes sense that both have their import cycles enabled but only one runs in ‘Normal’ mode (i.e.…
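One way to produce the status report described above, as an added example that is not the script from the original post. It queries the ADSync scheduler on both servers over PowerShell remoting and flags the misconfigurations that matter for a pair: no active server, two active servers, or a server whose scheduler has stopped. The server names are placeholders and remoting is assumed to be enabled; the version reported is that of the ADSync module on each host.

```powershell
# Added example, not from the original post. Server names are placeholders.
$servers = 'AADC01', 'AADC02'

$report = Invoke-Command -ComputerName $servers -ScriptBlock {
    Import-Module ADSync
    $s = Get-ADSyncScheduler
    [pscustomobject]@{
        Server             = $env:COMPUTERNAME
        SyncCycleEnabled   = $s.SyncCycleEnabled
        StagingMode        = $s.StagingModeEnabled
        SchedulerSuspended = $s.SchedulerSuspended
        CycleInProgress    = $s.SyncCycleInProgress
        Interval           = $s.CurrentlyEffectiveSyncCycleInterval
        NextCycleUtc       = $s.NextSyncCycleStartTimeInUTC
        ADSyncVersion      = (Get-Module ADSync).Version.ToString()
    }
} | Select-Object Server, SyncCycleEnabled, StagingMode, SchedulerSuspended,
                  CycleInProgress, Interval, NextCycleUtc, ADSyncVersion

$report | Format-Table -AutoSize

# Health rules for an active/staging pair. Both servers import and sync into
# their own metaverse; only the non-staging one exports to AD and Azure AD.
$active = @($report | Where-Object { $_.SyncCycleEnabled -and -not $_.StagingMode })
switch ($active.Count) {
    0       { Write-Warning 'No server is exporting: both are in staging mode or have the cycle disabled' }
    1       { Write-Host "Active server: $($active[0].Server)" }
    default { Write-Warning "Two servers are exporting at once: $($active.Server -join ', ')" }
}
foreach ($r in $report) {
    if (-not $r.SyncCycleEnabled) { Write-Warning "$($r.Server): sync cycle disabled, it will fall behind" }
    if ($r.SchedulerSuspended)    { Write-Warning "$($r.Server): scheduler suspended (an upgrade or wizard run may be in progress)" }
}
if (@($report.ADSyncVersion | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'The servers run different ADSync versions; a staging server should be upgraded first, then swapped'
}
```

Running this on a schedule and mailing the warnings is usually enough; the failure modes it catches (a staging server promoted by mistake, or a cycle left disabled after maintenance) are the ones that only show up later as missing exports.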

Configuring Proxy for Azure AD Connect V1.1.105.0 and above

My colleague David Ross has written a previous blog about configuring proxy server settings to allow Azure AD Sync (the previous name of Azure AD Connect) to use a proxy server.

Starting with version 1.1.105.0, Azure AD Connect has completely changed the configuration steps required to allow the Azure AD Connect configuration wizard and the Sync Engine to use a proxy.

I ran into a specific proxy failure scenario that I thought I’d share to provide further help.…
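The proxy configuration the post refers to, as an added example that is not from the original post. It applies the approach Microsoft documents for these versions: a `defaultProxy` element in the 64-bit .NET `machine.config`, which the wizard and the sync engine read, plus a matching WinHTTP proxy for the service. The proxy address is a placeholder, and the final request is an assumption-based connectivity check against the Azure AD sign-in endpoint rather than a step from the post.

```powershell
# Added example, not from the original post. Proxy host and port are placeholders.
# Run elevated on the Azure AD Connect server.
$proxy = 'http://proxy.corp.example:8080'   # placeholder

$machineConfig = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config"
Copy-Item -Path $machineConfig -Destination "$machineConfig.bak" -Force

[xml]$xml = Get-Content -Path $machineConfig -Raw
$config = $xml.configuration

# Ensure <system.net> exists, then replace any existing <defaultProxy> wholesale
$sysNet = $config.SelectSingleNode('system.net')
if (-not $sysNet) { $sysNet = $config.AppendChild($xml.CreateElement('system.net')) }
$old = $sysNet.SelectSingleNode('defaultProxy')
if ($old) { [void]$sysNet.RemoveChild($old) }

$dp = $sysNet.AppendChild($xml.CreateElement('defaultProxy'))
$dp.SetAttribute('enabled', 'true')
$dp.SetAttribute('useDefaultCredentials', 'true')   # pass the service account's creds to an authenticating proxy
$p = $dp.AppendChild($xml.CreateElement('proxy'))
$p.SetAttribute('usesystemdefault', 'true')
$p.SetAttribute('proxyaddress', $proxy)
$p.SetAttribute('bypassonlocal', 'true')
$xml.Save($machineConfig)

# The sync engine runs as a service, so set the machine-wide WinHTTP proxy too
$hostPort = $proxy -replace '^https?://', ''
netsh winhttp set proxy proxy-server="$hostPort" bypass-list="<local>"
netsh winhttp show proxy

# Connectivity check through the proxy (assumption: the sign-in metadata
# endpoint is reachable; a 200 here means the proxy path is good)
$r = Invoke-WebRequest -UseBasicParsing -Proxy $proxy `
    -Uri 'https://login.microsoftonline.com/common/.well-known/openid-configuration'
"Status through proxy: $($r.StatusCode)"
```

Restart the Microsoft Azure AD Sync service after the change so the engine re-reads `machine.config`; the wizard picks the setting up on its next launch.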

Configuring Intune Service to Service Connector for Exchange Online with a Service Account

If you are considering the use of Intune Conditional Access with Exchange Online, it is generally recommended that you configure the Intune Service to Service Connector. While it is not mandatory, it gives your Intune administrators the ability to report on the effectiveness of the Conditional Access policies on mobile ActiveSync clients within your Exchange Online environment. In addition, if you want to enforce the use of the Outlook iOS/Android app using Exchange ActiveSync policies, as per my previous blog post here, setting up the connector allows you to configure the ActiveSync access rules straight from the Intune Admin Portal.…

WORKAROUND / FIX: Login to Azure with certificate as Service Principal

This blog post describes my recent experience with an Azure AD service principal authentication with a certificate. The process is well documented and seemed quite straightforward, however this was not my experience.

The issue

I was able to follow the process to set up the Azure AD service principal successfully until the step where I granted the service principal a role (using PS cmdlets). When I tried to log in as the service principal, I encountered the issue below.…

Enforcing Outlook App in Exchange Online and Intune Conditional Access

[UPDATE 23/11/16] Microsoft have announced a new method of doing what I describe in this blog post. Matt Shadbolt from the Intune Engineering team has a nice blog post that describes how to use this new process, based on Intune MAM policies. The information below is still useful if you want to apply more specific restrictions (e.g. iOS vs Android native clients).

What is Intune Conditional Access?

Intune Conditional Access is a pretty neat feature that allows administrators to enforce compliance policies on devices before allowing them to sync their mail with Exchange Online.…