Active Directory Federation Services / ADFS

Azure AD – Ensure you have TLS 1.2 enabled on your on-premises systems interacting with Azure AD

As announced in early November 2020, old versions of TLS (TLS 1.0 and TLS 1.1) and ciphers (3DES cipher suite) are being deprecated and will no longer be supported starting June 30, 2021. You have to ensure your on-premises systems interacting with Azure AD – such as Azure AD Connect, Azure AD Application […]

Azure AD Connect / ADFS – You can now stage your migration from AD FS (preview)

When you are moving to cloud services (in this case Office 365 and/or Azure Active Directory/Azure), it is important that the authentication process is working seamlessly when you are moving away from federated authentication services (AD FS, Okta…) to cloud authentication. This means you need to be able to test and validate the process. Until

Azure – AD FS 4.0 is now available on Azure Marketplace

You can now quickly deploy a Windows Server 2016 virtual machine with AD FS configured for federation and single sign-on for cloud applications. Search the Azure Marketplace or the virtual machine catalog for “ADFS 4.0 Server Windows 2016” (the direct Marketplace URL is https://azuremarketplace.microsoft.com/en-us/marketplace/apps/cloud-infrastructure-services.adfs-server-2016). AD FS will then

Azure AD – New Azure AD Resilience feature coming, update to your ADFS required

A new Azure Active Directory (AAD) feature is coming to provide more resilience. If you are using federated authentication, such as AD FS, you must be prepared and update your federation service to use the new endpoints. If you are using AD FS and use Azure AD Connect to configure/maintain it, Azure AD Connect will do

ADFS – Resolve authentication issue faster

Authentication is key to accessing corporate resources, hosted either on-premises (you can use ADFS to authenticate against Exchange to access your mailbox) or in the cloud (Office 365, Azure, Salesforce…). While Microsoft is working hard to make the authentication process for its services a little bit easier for end users (password sync, seamless single sign-on…), you

ADFS 4 – Enable device authentication method

With ADFS 4, you can easily enable device authentication as an authentication method. This authentication method was already available in ADFS 3 but only as an additional authentication method; with ADFS 4 it also becomes available as a primary authentication method. Upgrade Active Directory Federation schema: this step is required if you have already deployed a previous version

ADFS 4 – Enable Azure MFA as authentication method and/or multi factor authentication for ADFS

One of the improvements with ADFS 4 (on Windows Server 2016) is the integration of Azure MFA as a multi-factor authentication method as well as a primary authentication method; you can still use certificate-based authentication or the Azure MFA Server (see http://blog.hametbenoit.info/2014/08/18/azure-use-windows-azure-multi-factor-authentication-to-secure-your-on-premises-application-and-with-your-adfs/) for the multi-factor methods. If you want to enable Azure MFA with

Windows Server 2016 – ADFS 4 idpinitiatedsignon is disabled by default

As you may know, a quick way to test your ADFS deployment is to access the idpinitiatedsignon sign-on page. As usual, I tried it after deploying my new ADFS 4.0 server and… got this error message: “The resource you are trying to access is not available. Contact your administrator for more information.” And the

Windows Server 2016 – ADFS 4.0 now support certificate authentication on port 443

You may already know that ADFS 3.0 (on Windows Server 2012 R2) supports certificate authentication, BUT using a different communication port than 443 (in fact 49443). With ADFS 4.0 (on Windows Server 2016), certificate authentication can now use communication port 443, making it easier to implement multi-factor authentication using a user certificate.

Security – Error after upgrading Multi Factor Authentication Server to version 7

If you are already using Microsoft Azure MFA with the on-premises solution (Multi Factor Authentication Server) and want to upgrade (or have already upgraded) to the latest version (which is version 7.0.2 at the time of writing this post), you may experience the following error if you have integrated with ADFS (especially when you restart
