Mobile Application Management (MAM)

The biggest challenge for BYOD devices is data security and leakage. A common method to enforce data protection is through Exchange ActiveSync and/or Mobile Device Management (MDM) tools such as AirWatch, Intune and others.

Both ActiveSync and MDM come with the option of device wipe and enforcing a device PIN. If the device is lost or the employee is terminated, the company could remote wipe the device to protect its data. While device wipe is great from the company’s perspective, it is almost always met with resistance from the employees because everyone fears the company has the power to wipe their personal data such as photos and contacts from their own personal devices.…

Encryption In The Cloud

Is it safe? 

Three simple yet chilling words immortalized by the 1976 movie Marathon Man starring Laurence Olivier and Dustin Hoffman, in which Olivier tries to discover by very unpleasant means whether the location of his stolen diamonds has been exposed.

Well, had Sir Laurence encrypted that information, there would have been no need for him to worry because he would have known that, short of using a weak cypher or a vulnerable algorithm or password, encrypted data has a very strong chance of remaining secret no matter what.…

Debugging an Office 365 ADFS/SSO issue when accessing Office Store in browser

We recently came across an issue with a customer where they had configured a standard SSO experience with Office 365 using ADFS and it was working perfectly except for a specific use case. When a user accesses the Office Store via the Office 365 portal (e.g. portal.office.com/store) they got into an endless SSO login loop. Specifically, they would see the following:

  1. Connection to Portal.Office.com
  2. Redirection to login.microsoftonline.com
  3. Redirection to adfs.customerdomain.com (automatically signed in because of WIA SSO)
  4. Redirection to login.microsoftonline.com

Mocking ADAL for Unit Tests

Active Directory Authentication Library (ADAL) provides developers with a great experience for easily integrating Azure Active Directory (AAD) with their application for authentication and authorisation. With minimal effort, we can implement OAuth authentication against AAD, using ADAL. However, in the unit testing world, it’s not that easy to test an application that uses ADAL because ADAL is not unit-testable. We don’t test ADAL itself, but we do need to mock it to test applications using ADAL. In this post, we are going to implement wrapper classes for ADAL’s AuthenticationContext, AuthenticationResult and DeviceCodeResult.…

Creating self-signed certs using OpenSSL on Windows

Working with Linux technologies exposes you to a huge number of open source tools that can simplify and speed up your development workflow. Interestingly enough, many of these tools are now flooding into the Windows ecosystem allowing us to increase the portability of our development assets across multiple operating systems.

Today I am going to demonstrate how easy it is to install OpenSSL on Windows and how simple it is to quickly create self-signed certificates for our development TLS needs that will work on a range of operating systems.…

Using Microsoft Azure Table Service REST API to collect data samples

Sometimes we need a simple solution that requires collecting data from multiple sources. The sources of data can be IoT devices or systems working on different platforms and in different places. Traditionally, integrators start thinking about implementation of a custom centralised REST API with some database repository. This solution can take days to implement and test; it is very expensive and requires hosting, maintenance, and support. However, in many cases, it is not needed at all.…

Access Azure linked templates from a private repository

I recently was tasked to propose a way to use linked templates, especially how to refer to templates stored in a private repository.  The Azure Resource Manager (ARM) engine accepts a URI to access and deploy linked templates, hence the URI must be accessible by ARM.  If you store your templates in a public repository, ARM can access them fine, but what if you use a private repository?  This post will show you how.

In this example, I use Bitbucket – a Git-based source control product by Atlassian.  …

Configuring Intune Service to Service Connector for Exchange Online with a Service Account

If you are considering the use of Intune Conditional Access with Exchange Online it is generally recommended that you configure the Intune Service to Service Connector.  While it is not mandatory, it does provide your Intune Administrators the ability to report on the effectiveness of the Conditional Access Policies on your mobile ActiveSync clients within your Exchange Online environment.  In addition, if you wanted to enforce the use of the Outlook iOS/Android app using Exchange ActiveSync policies, as per my previous blog post here, setting up the connector would allow you to configure the ActiveSync access rules straight from the Intune Admin Portal.…

Using saved credentials securely in PowerShell scripts

One of the most common tasks out in the field is the need to run PowerShell scripts that require credentials to be saved in some form or another so that they can be fed into scripts to be executed autonomously. This is particularly common in cloud environments where the current user context in which the scripts are run (e.g. within a scheduled task) is insufficient or not appropriate for the remote execution. Office 365 management is a perfect example of this, where often a credential object must be passed in order to connect and execute the cmdlets.…