How to implement Multi-Factor Authentication in Office 365 via ADFS – Part 2

Check out the original article at Lucian’s blog here: lucian.blog


Welcome to part 2 of this 4 part series on Multi-Factor Authentication (MFA). In this post I’ll go into some of the different types of MFA available to federated users with Office 365, Azure AD, or a hybrid configuration using Active Directory Federation Services (ADFS) v3.0, as well as some use cases for each of these.

Quick recap – Multi-factor authentication (MFA) is a means of access control whereby during the logon process, there is more than one claim to grant you access to the cloud service, server application or even workstation. …

How to implement Multi-Factor Authentication in Office 365 via ADFS – Part 1

Check out the original article at Lucian’s blog here: lucian.blog


This is part 1 of a 4 part series put together exploring Multi-Factor Authentication (MFA). Recently I’ve been working with a client on a project to implement MFA for Office 365 services, as company policy mandates at least two factors of authentication (2FA) for accessing any corporate resources.

In part one I’ll put together my points of view around what MFA is and why it’s an important topic for organizations, especially in 2015. …

Sending SMS Through PowerShell with Telstra’s New API

The code detailed in this post won’t work anymore. If you’re looking for updated PowerShell to use with Telstra’s APIs, please check out this updated post.

Recently, Telstra released their first public API, which in true telco fashion leverages an existing product in their stable: SMS. The service allows anyone with a Telstra t.dev account (get one here) to get an API key which will allow you to send up to 100 messages per day, 1000 per month to Australian mobiles. …

Using a Proxy with Azure AD Sync Services

In this blog I am going to cover some tips and tricks for using Azure AD Sync Services with a proxy, including the specific URLs required for whitelisting, the proxy settings used during the installation, configuration and running of the tool, and a workaround for apps that do not support authenticating proxies.

URL Whitelisting

It is generally recommended to whitelist all the Office 365 URLs to bypass proxy infrastructure, as this provides the best performance and avoids issues with applications that are not compatible with authenticating proxies (OneDrive for Business client installations, Exchange Hybrid services, Azure AD Sync Services and so on). …

AADSync – AD Service Account Delegated Permissions

Note: This applies to Azure AD Connect, previously referred to as AAD Sync or DirSync.

***UPDATED (04/07/2016): Includes Exchange Hybrid Object ‘msDS-ExternalDirectoryObjectID’ for Exchange 2016 environments. Thanks Dave Young.

***UPDATED (29/10/2015): Included two lines for Password Write-back as per Chris Lehr Comment

When you configure Azure AD Sync (AADSync), you need to provide credentials of an account that is used by AADSync’s AD DS Management Agent to connect to your on-premises Active Directory. In previous versions of DirSync this was achieved by running the configuration wizard as an ‘Enterprise Admin’, thus allowing the installer to create a service account and apply permissions to the Directory on your behalf. …

MIM and Privileged Access Management

Recently Microsoft released Microsoft Identity Manager 2015 (MIM) Customer Technology Preview (CTP). Those expecting a major revision of the FIM product should brace themselves for disappointment. The MIM CTP is more like a service release of FIM. MIM CTP V4.3.1484.0 maintains the existing architecture of the FIM Portal (still integrated with SharePoint), FIM Service, and the FIM Synchronisation Service. Also maintained are the separate FIM Service and FIM Sync databases. Installation of the CTP is almost identical to FIM 2010 R2 SP1, including the same woes with SharePoint 2013 configuration. …

Kloud Sessions from TechEd Australia 2014

Consultants from Kloud are always looking for ways to help public cloud adoption by contributing to community events and sharing our knowledge. The premier annual Microsoft technical event to do this at in Australia is TechEd.

As in previous years Kloud had speakers presenting at TechEd 2014 and you’ll find their session videos below. Click through to the Channel 9 site to gain access to the deck to go with the session.

Azure VM Security and Compliance Management with Configuration Manager and SCM

Presenter: Andreas Wasita. …

The NRMA engages Kloud to develop a group-wide intranet solution to improve usability and collaboration

Customer Overview

The National Roads and Motorists’ Association (the NRMA) is Australia’s largest member-owned organisation, with 2.4 million members across New South Wales and the Australian Capital Territory. In recent years the NRMA has expanded beyond its original roadside offering, to help members across a broad range of services, including NRMA MotorServe service centres, NRMA Emergency Home Assist, NRMA Travel, holiday accommodation through NRMA Holiday Parks and car rental, where NRMA owns Thrifty Car Rental in Australia and New Zealand. …

ADFS Metadata Conversion for Shibboleth

I recently blogged about the issues integrating Shibboleth Service Providers with ADFS. As an update to that blog, one of Kloud’s super smart developers (Alexey Shcherbak) has re-written the FEMMA ADFS2Fed.py Python script in PowerShell, removing the need for Python and the LXML library! ADFS2Fed converts ADFS metadata for consumption by a Shibboleth SP. Below is the output of Alexey’s labour, awesome work Alexey!

```powershell
# ADFS identity provider (IdP) base URL whose federation metadata will be converted
$idpUrl = "https://federation.contoso.com";
# Shibboleth scope (the domain asserted in released attributes)
$scope = "contoso.com";
# Output path: federationmetadata.xml next to this script
$filename = ((Split-Path -parent $PSCommandPath) +"\federationmetadata.xml");
```
…