Active Directory Federation Services / ADFS

Azure AD – Ensure you have TLS 1.2 enabled on your on-premises systems interacting with Azure AD

As announced in early November 2020, old versions of TLS (TLS 1.0 and TLS 1.1) and ciphers (the 3DES cipher suite) are being deprecated and will no longer be supported starting June 30, 2021. You have to ensure your on-premises systems interacting with Azure AD – such as Azure AD Connect, Azure AD Application […]

Azure AD – New Azure AD Resilience feature coming, update to your ADFS required

A new Azure Active Directory (AAD) feature is coming to provide more resilience. If you are using federated authentication, like with AD FS, you must be prepared and update your federation service to use the new endpoints. If you are using AD FS and use Azure AD Connect to configure/maintain it, Azure AD Connect will do

ADFS – Resolve authentication issue faster

Authentication is key to accessing corporate resources, hosted either on-premises (you can use ADFS to authenticate against Exchange to access your mailbox) or in the cloud (Office 365, Azure, Salesforce…). While Microsoft is working hard to make the authentication process for its services a little bit easier for end users (password sync, seamless single sign-on…), you

ADFS 4 – Enable device authentication method

With ADFS 4, you can easily enable device authentication as an authentication method. This authentication method was already available in ADFS 3, but only as an additional authentication method; with ADFS 4 it also becomes available as a primary authentication method. Upgrade Active Directory Federation schema: This step is required if you have already deployed a previous version

ADFS 4 – Enable Azure MFA as authentication method and/or multi factor authentication for ADFS

One of the improvements with ADFS 4 (on Windows Server 2016) is the integration of Azure MFA as a multi-factor authentication method as well as a primary authentication method; you can still use certificate-based authentication or the Azure MFA Server (see http://blog.hametbenoit.info/2014/08/18/azure-use-windows-azure-multi-factor-authentication-to-secure-your-on-premises-application-and-with-your-adfs/) for the multi-factor methods. If you want to enable Azure MFA with

Windows Server 2016 – ADFS 4 idpinitiatedsignon is disabled by default

As you may know, a quick way to test your ADFS deployment is to access the idpinitiatedsignon sign-in page. As usual, I tried it after deploying my new ADFS 4.0 server and… got this error message: "The resource you are trying to access is not available. Contact your administrator for more information." And the

Windows Server 2016 – ADFS 4.0 now supports certificate authentication on port 443

You may already know that ADFS 3.0 (on Windows Server 2012 R2) already supports certificate authentication BUT using a different communication port than 443 (in fact 49443). With ADFS 4.0 (on Windows Server 2016), certificate authentication can now use communication port 443, making it easier to implement multi-factor authentication using user certificates.

Security – Error after upgrading Multi Factor Authentication Server to version 7

If you are already using Microsoft Azure MFA with the on-premises solution (Multi Factor Authentication Server) and want to upgrade (or have already upgraded) to the latest version (which is version 7.0.2 at the time of writing this post), you may experience the following error if you have integrated with ADFS (especially when you restart

Yammer – Finally Yammer is using Office 365 authentication

It was announced some time ago, and now the rollout seems to be progressing well. Yammer is finally using your Office 365 tenant authentication scheme – be careful, this will not work if you already have a federation with Yammer. This means when a user tries to sign in to Yammer using

ADFS 3 / Office 365 – Sign in with Lync mobile app on Android failed

While working on a project to deploy Office 365 with ADFS 3.0, I was running into an issue with the Lync mobile client on Android ONLY; other Lync clients did not have the issue (on Windows, Windows Phone or iOS). The issue was that the user was not able to sign in on the Lync 2013
