SCCM – Use Autopilot when deploying OS

Following the availability of the new SCCM Current Branch build (1810), it is now possible to use the built-in SCCM task sequence to use Autopilot when deploying OS. To use it, you need to create an SCCM package which will contains the Autopilot settings and use the SCCM tasks sequence (this is not available for MDT integrated task sequence) and choose the Deploy Windows Autopilot for existing devices To create…

Read More

Teams – New administration roles are available

New administration roles are now available to delegate Teams administration. These roles are: Teams Service Administrator: Self explanatory. Teams SA has complete control and access to Microsoft Teams configuration and settings and has also the ability to manage and create Office 365 Groups. Management can be performed either through the Teams administration portal or PowerShell Teams Communication Administrator: A Teams Communication Administrator can manage meetings and calling functionality in Microsoft…

Read More

Intune – You can now get Windows 10 join an Active Directory Domain (preview)

It has been quite a limitation so far for Windows 10 managed with Intune; it was impossible to get them to join an Active Directory domain using Autopilot, making these devices Azure AD Hybrid joined devices. Now (currently in preview – so there could be some glitch and may change), you can assign an Intune profile to your Windows 10 devices to join your Active Directory domain. Off course, to…

Read More

Azure AD Connect – A new version of the directory synchronization tool is available

A new version (1.2.65.0) of Azure AD Connect has been released. You can get it from http://go.microsoft.com/fwlink/?LinkId=615771 You need to know that this version is going to overwrite your setting for autoupgrade if you have it set to not automatically update. Before Update After Update If you want to keep the autoupgrade disabled you will need to run the following command after the upgrade is completed Set-ADSyncAutoUpgrade -AutoUpgradeState Disabled As…

Read More

Azure MFA – Support for hardware OAth token and multiple MFA devices coming on Azure MFA

You may be already aware of the Azure Multi Factor Authentication (MFA) solution which has been available for quite some time. Well, good news as Azure MFA is now going to support hardware tokens (OATH-TOTP SHA-1). As you may already know Azure MFA requires end-user to have a phone available (either mobile or desk phone) to be able to challenge the MFA request – either with a call (desk/mobile), text…

Read More

Azure AD – You can now send your Azure AD logs to Log Analytics

You may already know that you can have Azure AD Diagnostic logs; but do you know you can now send these logs to Log Analytics for consolidation and better analysis? To do so, just logon to your Azure AD administration portal (https://aad.portal.azure.com) or Azure portal (https://portal.azure.com) and reach out the Azure AD configuration blade. From there, scroll down to reach the Monitoring section and click on the Diagnostic settings –…

Read More

Azure AD – New capabilities for identity governance on Azure AD

You can now define policies to let your end-users requesting access to your corporate resources – from group membership to role permissions – either with automated or manual approval. At this stage, this is currently available only through private preview. You can register your interest here https://aka.ms/azureadidentitygovernancepreview

Read More

Intune – Display an enrollment status page

With the latest Intune update, you can now display an enrollment status page after a Windows 10 device has been registered. The page will let your end-users know what is happening while their device is finalizing the registration process. To do so, you first need to enable the feature in Intune Connect to your Azure portal and reach out the Intune configuration blade Then reach out the Device Enrollment\Windows Enrollment…

Read More

Exchange Online – Implement ‘Limited Access’ Conditional Access

You may already know that you can implement a ‘limited access’ conditional access for SharePoint Online and OneDrive for Business, allowing end-users to access content on SharePoint Online but not authorizing to download anything while accessing using non compliant devices. Now, you can do the same for Exchange Online to allow your end-users accessing their mailbox using Outlook on the Web (aka Outlook Web Access) while the device they are…

Read More

Azure AD – New SSO setup experience

An updated and refreshed experience is now available when setting up Single Sign On (SSO) when publishing application on Azure Active Directory (AAD). After adding a new application in Azure AD you need to setup how the authentication is going to be proceed and most of the time you are going to setup SSO. The new SSO setup experience is more intuitive and will let you test the setup before…

Read More

Azure/Windows 10 – You can use your Authenticator App to sign in

Going the same way than Windows Hello for Business, you can now use your Microsoft Authenticator app to sign in to your corporate resources protected by Azure AD (Azure, Office 365, Azure published apps…) You need off course few prerequisites: Running Windows 10, registered to your Azure AD tenant Have setup an authentication policy on your Azure AD Have register your Microsoft Authenticator app Setup the authentication policy on Azure…

Read More

Azure – Azure AD authentication available in preview for Azure Files

You may already know Azure Files service allowing you to use Azure as files ‘server’ and off course Azure AD to manage authentication to your Microsoft cloud services (Azure and/or Office 365). Well, good news, you can use Azure AD to leverage authentication to access Azure Files; meaning you can set NTFS like permissions on Azure Files. Off course the existing storage account key process is still supported and available.…

Read More

Azure AD – New location to manage guest and organizational relationship

Azure AD has been updated with a new configuration blade called Organizational Relationships.This new configuration blade is the new location to manage guest users permissions and invitations   You now have access to a comprehensive list of users from external organizations (guest) with the option (as you already from the users list) to create a new guest By the way the invitation email has been also updated to use your…

Read More

Azure – An updated interface for Azure AD Roles management

The Azure Active Directory Roles configuration blade has been updated to provide more details and management option for Azure AD Roles. Connect to your Azure administration portal (https://portal.azure.com) or Azure AD administration portal (https://aad.portal.azure.com) and reach out your Azure Active Directory blade or Then reach out the Roles and administrators blade At first sight it does not seems to had some changes but it has been updated; first, if you…

Read More

Azure – New version of Azure AD Connect available for autoupgrade

If you have configured your Azure AD Connect (the directory synchronization tool for Azure AD and Office 365), a new version (1.1.880.0) has been made available. This version solves the issue with Azure AD Connect Health agent running 100% CPU – which was (incorrectly?) reported to be related to the Framework update. Also part of this update support for Windows Server 2019 Essentials and GA (general availability) of the integration…

Read More