Azure Active Directory Connect high-availability using ‘Staging Mode’

With the Azure Active Directory Connect product (AAD Connect) being announced as generally available to the market (more here, download here), there is a new feature available that will provide a greater speed of recovery of the AAD Sync component. This feature was not available with the previous AAD Sync or DirSync tools and there is little information about it available in the community, so hopefully this model can be considered for your synchronisation design.…

Azure Active Directory Synchronization Tool: Password Sync as Backup for AD FS Federated Domains

Kloud has helped many Australian businesses leverage Microsoft cloud services such as Office 365, Intune and Microsoft Azure and most have implemented Active Directory Federation Services (AD FS) to provide a highly available Single Sign-On (SSO) user experience. In mid-2013, the Windows Azure Active Directory Synchronization Tool was updated to support password synchronisation with Azure Active Directory, which provided an alternative way to leverage on-premises authored identities with Microsoft’s cloud services.

Password synchronisation is a feature of the Azure Active Directory Sync Tool that will synchronise the password hash from your on-premises Active Directory environment to the Azure Active Directory.…

Claims-Based Federation Service using Microsoft Azure

In this post I will discuss how you can set up Microsoft Azure to provide federation services with claims authentication in the same way that an Active Directory Federation Service (ADFS) farm would on-premises. This can be achieved with an Azure subscription, Access Control Services (ACS) and an Azure Active Directory (AAD) instance. The key benefit of using Azure SaaS is that Microsoft have taken care of all the high availability and load scaling configuration, therefore you have no need to manage multiple ADFS servers to gain the same desired functionality.…

The Next Version of Forefront Identity Manager Is Coming in 2015

There has been a lot of speculation about the next version of Microsoft Forefront Identity Manager.  For those who follow Microsoft’s product roadmaps, a number of Forefront products have been cancelled by Microsoft.  Here is a brief list:

  • Forefront Protection 2010 for Exchange
  • Forefront Protection 2010 for SharePoint
  • Forefront Security 2010 for Office Communication Server
  • Forefront Threat Management Gateway 2010
  • Forefront Unified Access Gateway 2010

Other products in the Forefront family have been renamed and become a more integrated part of another product.  …

Windows Azure Self-Service Management with System Center App Controller

Windows Azure gives everyone access to world-class cloud computing and its potential. A few questions have come up from enterprises:

  • How do we delegate authority on my Enterprise Azure subscription?
  • How do we create a user role with the authority to carry out specific tasks?
  • How do we provide a self-service portal with Active Directory integration?

App Controller can be the answer for all the questions above. App Controller is one of the System Center family products. App Controller provides a single interface for admins to manage both public and private clouds.

Resource Based Kerberos Constrained Delegation

Big changes have occurred in the Kerberos authentication space with the introduction of Windows Server 2012. For this blog I’ll focus on Kerberos Constrained Delegation and Protocol Transition, highlighting what Server 2012 brings to the table, and how the changes can be used to improve security in a typical deployment scenario.

Kerberos Delegation Explained

To start, a high-level explanation of Kerberos delegation – it enables an account to impersonate another account for the purpose of providing access to resources.…