Azure AD – New Azure AD Resilience feature coming, update to your ADFS required

A new Azure Active Directory (AAD) feature is coming to provide more resilience. If you are using federated authentication, such as with AD FS, you must be prepared and update your federation service to use the new endpoints. If you use AD FS and use Azure AD Connect to configure/maintain it, Azure AD Connect will do it for you. As usual, a quick check is always recommended, so read the below…

ADFS – Resolve authentication issue faster

Authentication is key to accessing corporate resources, hosted either on-premises (you can use ADFS to authenticate against Exchange to access your mailbox) or in the cloud (Office 365, Azure, Salesforce…). While Microsoft is working hard to make the authentication process for its services a little bit easier for end users (password sync, seamless single sign-on…), you may still rely on federated authentication using AD FS (Active Directory Federation Services). Troubleshooting authentication…

ADFS 4 – Enable device authentication method

With ADFS 4, you can easily enable device authentication as an authentication method. This authentication method was already available in ADFS 3, but only as an additional authentication method; with ADFS 4 it also becomes available as a primary authentication method. Upgrade Active Directory Federation schema: this step is required if you have already deployed a previous version of ADFS within your Active Directory and/or if you are not yet running Active Directory…

ADFS 4 – Enable Azure MFA as authentication method and/or multi factor authentication for ADFS

One of the improvements with ADFS 4 (on Windows Server 2016) is the integration of Azure MFA as a multi-factor authentication method as well as a primary authentication method; you can still use certificate-based authentication or the Azure MFA Server (see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=618) for the multi-factor methods. If you want to enable Azure MFA with ADFS 4, you need to follow these steps: generate a certificate for your Azure MFA…

Windows Server 2016 – ADFS 4 idpinitiatedsignon is disabled by default

As you may know, a quick way to test your ADFS deployment is to access the idpinitiatedsignon sign-in page. As usual, I tried it after deploying my new ADFS 4.0 server and… got this error message: "The resource you are trying to access is not available. Contact your administrator for more information."

And the following event is logged:

Log Name: AD FS/Admin
Source: AD FS
Date: 2/10/2016 7:22:24 AM…

Windows Server 2016 – ADFS 4.0 now support certificate authentication on port 443

You may already know that ADFS 3.0 (on Windows Server 2012 R2) already supports certificate authentication, BUT using a different communication port than 443 (in fact 49443). With ADFS 4.0 (on Windows Server 2016), certificate authentication can now use communication port 443, making it easier to implement multi-factor authentication using user certificates. To take advantage of this new capability, you need to update your ADFS certificate…

Security – Error after upgrading Multi Factor Authentication Server to version 7

If you are already using Microsoft Azure MFA with the on-premises solution (Multi Factor Authentication Server) and want to upgrade (or have already upgraded) to the latest version (which is version 7.0.2 at the time of writing this post), you may experience the following error if you have integrated with ADFS (especially when you restart your ADFS services) after you have upgraded your ADFS connector.

Log Name: AD FS/Admin
Source: …

Yammer – Finally Yammer is using Office 365 authentication

It was announced some time ago, and now the rollout seems to be making good progress. Yammer is finally using your Office 365 tenant authentication scheme; be careful, this will not work if you already have a federation with Yammer. This means that when a user tries to sign in to Yammer using one of your domains, they will be redirected to your Office 365 sign-in page. The…

ADFS 3 / Office 365 – Sign in with Lync mobile app on Android failed

While working on a project to deploy Office 365 with ADFS 3.0, I ran into an issue with the Lync mobile client on Android ONLY; other Lync clients did not have the issue (on Windows, Windows Phone or iOS). The issue was that the user was not able to sign in on the Lync 2013 mobile client on Android (while Office mobile or web browser access worked fine); the same…

Office 365 – ADFS authentication error code 8004789A when logging with web browser

If you are using Office 365 and have implemented ADFS to manage authentication to Office 365 services, this post is for you. You may get the following error code, 8004789A, when logging on to Office 365 with a web browser (Exchange Online OWA or SharePoint Online), while Outlook or any ActiveSync device is working fine. The solution is simple: check if the Issuer (URI) URL is set…

Windows 2012 R2 / Windows 8.1 – Bring your own device with Workplace Join

With Windows 2012 R2 and Windows 8.1, Microsoft starts to simplify BYOD (Bring Your Own Device). Indeed, on Windows 8.1 (this is not available with Windows 8, so upgrade your Windows 8 device for free), a new feature called Join Workspace allows end users to connect to and use corporate resources without being obliged to join the domain. Prerequisites: to be able to use this feature, the following…

Office 365 – Active Directory Federation update 1 provides better multiple UPN management

As you may already know, with Office 365 you can configure your cloud services to use your own Active Directory for user authentication. This allows single sign-on and password policy management independently of Office 365. However, until now, there was a limitation which obliged you to use multiple ADFS implementations if you were using multiple top domains for users' UPNs (user@domain1.com, user@domain2.com…); one per top domain. With…

ADFS 2.0 – RTW version available

Microsoft has released the RTW (Release To the Web) version of Active Directory Federation Services 2.0. ADFS allows user collaboration across organization boundaries and is also used for simple application authentication on premises and in the cloud. http://www.microsoft.com/downloads/en/details.aspx?FamilyID=118c3588-9070-426a-b655-6cec0a92c10b
