Preventing double-app-loading behaviour with ADAL.js

Microsoft’s JavaScript implementation of its Azure Active Directory Authentication Library (ADAL.js) allows for some great client-side-only Single Page App (SPA) scenarios.
Unfortunately (as with most things auth-related), there are some gotchas to be aware of. One relates to how ADAL obtains refresh tokens in this crazy world of implicit auth.

Implicit Auth Flow

Implicit auth means the application developer does not have to host their own token authentication service. ADAL.js and the Azure AD auth endpoint do all the heavy lifting:

It’s the bottom third of the diagram (after the token expires) that causes the issue I am addressing in this post.…

Adapting to the changes in the AzureAD Preview PowerShell Module ADAL Helper Library

I’m a big proponent of using PowerShell for integration and automation of Azure Active Directory Services using the Azure AD GraphAPI. You may have seen many of my posts leverage the evolving Azure AD Preview PowerShell Module helper libraries. Lines in my scripts that use this look like the one below. In this case using preview version 2.0.0.52.

# the default path to where the ADAL GraphAPI PS Module puts the Libs
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\2.0.0.52\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

The benefit of using this library is the simplification of Authentication to AzureAD, from which we can then receive a token and interact with the GraphAPI via PowerShell using Invoke-RestMethod.…

Modern Authentication and MAPI-HTTP

If you haven’t heard, Modern Authentication (aka ADAL) has now officially gone GA (https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/) – which means that if you are utilising Office 365 services, particularly Exchange Online, and Office 2013/2016 as your client, you should really be looking at enabling this functionality for your end users.

For those unfamiliar with Modern Auth, there are numerous benefits, but one of the most obvious for end users is it removes the need for the use of ‘save my credentials’ when signing into Exchange Online and provides a true SSO experience when combined with ADFS Federation.…

Mocking ADAL for Unit Tests

Active Directory Authentication Library (ADAL) provides developers with great experiences to easily integrate Azure Active Directory (AAD) with their application for authentication and authorisation. With minimal effort, we can implement OAuth authentication against AAD, using ADAL. However, in the unit testing world, it’s not that easy to test an application when the application uses ADAL because ADAL is not unit-testable. We don’t test ADAL itself, but we do need to mock it to test applications using ADAL. In this post, we are going to implement wrapper classes for ADAL’s AuthenticationContext, AuthenticationResult and DeviceCodeResult.…

Enforcing Outlook App in Exchange Online and Intune Conditional Access

[UPDATE 23/11/16] Microsoft have announced a new method of doing what I describe in this blog post. Matt Shadbolt from the Intune Engineering team has a nice blog post that describes how to use this new process, based on Intune MAM policies. The below information is still useful though if you want to do more specific restrictions (e.g. iOS vs Android native clients).

What is Intune Conditional Access?

Intune Conditional Access is a pretty neat feature that allows administrators to enforce compliance policies on devices prior to allowing them access to sync their mail with Exchange Online.…

Modern Authentication updates for Office 2013 (MSI-based)

Earlier this year, Office 2013 Modern Authentication using the Active Directory Authentication Library (ADAL) moved to public preview. The steps to take part in the preview and to prepare the Office 2013 software are well documented, particularly by one of my fellow Kloudies (see Lucian’s blog here).

However, you may find that despite creating the registry keys and installing the required updates, Modern Authentication is still not working – something I recently encountered with MSI-based installations of Office 2013 SP1 in a Windows 7 SOE.…