Enrolling and using both Microsoft Authenticator and a YubiKey Physical Token with Azure MFA

Microsoft have just announced the Public Preview for Hardware OATH Tokens such as the Yubico YubiKey with Azure MFA. In this very long and graphic-heavy post I show the end-to-end setup and use of a YubiKey physical token from Yubico as a Multi-Factor Authentication (MFA) second-factor authentication method to Azure AD/Office 365.

Specifically, I detail:

  • the user experience using a YubiKey Hardware Token with Azure MFA
  • the administrator configuration process for admin enabled YubiKey physical tokens for use with Azure MFA
  • a user enrolling a YubiKey physical token as an additional method for use with Azure MFA
  • switching second-factor authentication methods when authenticating to Azure AD / Office 365

For the process I show here:

  • the Admin account I’m using to do the configuration is a Global Admin
  • the user I’m enabling the token for
    • is assigned an Enterprise Mobility + Security E3 license
    • is enabled for MFA
    • was enrolled in MFA using the Microsoft Authenticator App.

Step-by-step: Using Azure DevOps Services to deploy ARM templates with CI/ CD – Part 2

In this blog post (Part 2), I take you through enabling Continuous Integration (CI) / Continuous Deployment (CD) for the project created in Part 1.

To recap, I have split this post into two parts for easier understanding, and we will focus on Part 2 here:

Part 1 – Creating your first project in Azure DevOps (https://blog.kloud.com.au/2018/10/17/step-by-step-using-azure-devops-services-to-deploy-arm-templates-with-ci-cd-part-1/).
Part 2 – Enabling the first project in Azure DevOps for Continuous Integration (CI) / Continuous Deployment (CD).

Enabling the first project in Azure DevOps for Continuous Integration

    • Now, the next step is to enable continuous integration.

Pump up your investments in Modern Intranet and Team Sites with latest cool advancements (Ignite 2018)

At Ignite 2018, Microsoft provided a great perspective on how Modern Intranets (using SharePoint Communication Sites) and Collaboration features are becoming a major collaboration platform for many companies, and on the investments Microsoft is making to improve them. Some of these cool features were mentioned during the event. We will take a look at many of them in this blog and how we could use them to make Modern Intranets, Modern Team Sites and Microsoft Teams work even better and seamlessly together.…

Creating SailPoint IdentityNow Source Configuration Backups and HTML Reports with PowerShell

In this post from earlier in the week I detailed leveraging the SailPoint IdentityNow APIs to retrieve IdentityNow Sources, and their configuration. This post takes that a little further, backing up the configuration and also creating a friendly HTML Report with each Source’s Configuration and Schema. The resulting HTML Report that is dynamically created reports on all Sources in an IdentityNow Tenant Org and looks like the image below.

After selecting a Source you can then expand a report section for the Source Details and another for the Schema. …

Managing SailPoint IdentityNow Sources via the API with PowerShell

Update: Oct 2019. IdentityNow Sources can be easily managed using the SailPoint IdentityNow PowerShell Module.

Back again with another post in my series detailing accessing SailPoint IdentityNow via the API using the unpublished and undocumented APIs. Previous posts detail;

This post also assumes you are able to access the IdentityNow APIs as detailed in this post here.…

Reflections from the field – Tips for being a better consultant

Striving to be better at what you do is important for your development. However, it typically translates into developing what you know rather than how you act. For consulting (or any job), there are two parts to the equation: hard skills and soft skills. Balance is needed, so you should learn to develop both.
I aim to help people develop their soft skills. They are typically harder to define and require more attention. Below are concepts I work on developing every day, and hopefully you can take some away and start developing them for yourself.

Bring in Strategy for building Next-gen Modern Intranet using Communication Sites

With the modern responsive design and full-page layouts, Communication sites are an ideal candidate for Intranet sites. During the last few projects, we have implemented Modern Intranet portals using Communication Sites and found that user adoption was exceptionally high. We also gained a lot of experience from these implementations, which I will be sharing here.

Note: Most of the features and advancements below are as of Oct 2018; there are a few major releases from Ignite 2018 which will be released later.

Translating JSON messages with Logic Apps

One of the key components of an integration platform is message translation. The Microsoft Azure iPaaS Logic Apps service offers message translation with the out of the box ‘compose’ operation. Alternatively, message translation can be achieved with Liquid transforms. The latter requires an Azure Integration account which comes with additional cost. In this article we’ll look at the two transformation options and do a comparison in terms of cost, performance and usability. For my demo purposes I created two logic apps with HTTP input triggers and response output.…

Azure Active Directory B2B Pending and Accepted User Reports

One of the benefits of Cloud Services is the continual enhancements that vendors provide based on feedback from their customers. One such item of feedback that Microsoft has heard often is the request to know what state a Guest user in Azure AD is in. In the last couple of days Microsoft exposed two additional attributes on the User objectClass in Azure AD;

  • externalUserState
  • externalUserStateChangeDateTime

This means we can now query the Microsoft Graph for B2B users and understand if they have Accepted or are PendingAcceptance, and the datetime of the last change.…

Address Space maintenance with VNet Peering

I recently had a scenario where I wanted to add an address space to a Virtual Network and encountered an issue where it was not possible to modify the address space while VNet Peering was in use. This is likely due to the fact that the routes to the peered VNet that are applied through the peering only get updated at the time the peer is created and cannot be dynamically updated.

The following error detailed this.…