Azure Active Directory (Azure AD) is making things easier to collaborate with external users (guest) by supporting email one-time password. This new capability (in preview) allows external users (guests) to sign in and authenticate against your Azure AD using a one time password (OTP) send by email when they do not have already a Microsoft corporate account (Azure AD), Google ID or Microsoft personal account (MSA). Each time such guest…
Read MoreAzure – Workday integration with Azure AD is getting stronger
As you may already know you can use Workday to automatically manage user account provisioning/termination with Azure AD (and/or Active Directory). Well this integration is getting stronger and simpler as the solution is now reaching the general availability state with some interesting updates: The new Provisioning Agent with built-in support for high availability and failover allows you to configure user provisioning to multiple on-premises Active Directory domains User account provisioning…
Read MoreSCCM – Use Autopilot when deploying OS
Following the availability of the new SCCM Current Branch build (1810), it is now possible to use the built-in SCCM task sequence to use Autopilot when deploying OS. To use it, you need to create an SCCM package which will contains the Autopilot settings and use the SCCM tasks sequence (this is not available for MDT integrated task sequence) and choose the Deploy Windows Autopilot for existing devices To create…
Read MoreTeams – New administration roles are available
New administration roles are now available to delegate Teams administration. These roles are: Teams Service Administrator: Self explanatory. Teams SA has complete control and access to Microsoft Teams configuration and settings and has also the ability to manage and create Office 365 Groups. Management can be performed either through the Teams administration portal or PowerShell Teams Communication Administrator: A Teams Communication Administrator can manage meetings and calling functionality in Microsoft…
Read MoreIntune – You can now get Windows 10 join an Active Directory Domain (preview)
It has been quite a limitation so far for Windows 10 managed with Intune; it was impossible to get them to join an Active Directory domain using Autopilot, making these devices Azure AD Hybrid joined devices. Now (currently in preview – so there could be some glitch and may change), you can assign an Intune profile to your Windows 10 devices to join your Active Directory domain. Off course, to…
Read MoreAzure AD Connect – A new version of the directory synchronization tool is available
A new version (1.2.65.0) of Azure AD Connect has been released. You can get it from http://go.microsoft.com/fwlink/?LinkId=615771 You need to know that this version is going to overwrite your setting for autoupgrade if you have it set to not automatically update. Before Update After Update If you want to keep the autoupgrade disabled you will need to run the following command after the upgrade is completed Set-ADSyncAutoUpgrade -AutoUpgradeState Disabled As…
Read MoreAzure MFA – Support for hardware OAth token and multiple MFA devices coming on Azure MFA
You may be already aware of the Azure Multi Factor Authentication (MFA) solution which has been available for quite some time. Well, good news as Azure MFA is now going to support hardware tokens (OATH-TOTP SHA-1). As you may already know Azure MFA requires end-user to have a phone available (either mobile or desk phone) to be able to challenge the MFA request – either with a call (desk/mobile), text…
Read MoreAzure AD – You can now send your Azure AD logs to Log Analytics
You may already know that you can have Azure AD Diagnostic logs; but do you know you can now send these logs to Log Analytics for consolidation and better analysis? To do so, just logon to your Azure AD administration portal (https://aad.portal.azure.com) or Azure portal (https://portal.azure.com) and reach out the Azure AD configuration blade. From there, scroll down to reach the Monitoring section and click on the Diagnostic settings –…
Read MoreAzure AD – New capabilities for identity governance on Azure AD
You can now define policies to let your end-users requesting access to your corporate resources – from group membership to role permissions – either with automated or manual approval. At this stage, this is currently available only through private preview. You can register your interest here https://aka.ms/azureadidentitygovernancepreview
Read MoreIntune – Display an enrollment status page
With the latest Intune update, you can now display an enrollment status page after a Windows 10 device has been registered. The page will let your end-users know what is happening while their device is finalizing the registration process. To do so, you first need to enable the feature in Intune Connect to your Azure portal and reach out the Intune configuration blade Then reach out the Device Enrollment\Windows Enrollment…
Read MoreExchange Online – Implement ‘Limited Access’ Conditional Access
You may already know that you can implement a ‘limited access’ conditional access for SharePoint Online and OneDrive for Business, allowing end-users to access content on SharePoint Online but not authorizing to download anything while accessing using non compliant devices. Now, you can do the same for Exchange Online to allow your end-users accessing their mailbox using Outlook on the Web (aka Outlook Web Access) while the device they are…
Read MoreAzure AD – New SSO setup experience
An updated and refreshed experience is now available when setting up Single Sign On (SSO) when publishing application on Azure Active Directory (AAD). After adding a new application in Azure AD you need to setup how the authentication is going to be proceed and most of the time you are going to setup SSO. The new SSO setup experience is more intuitive and will let you test the setup before…
Read MoreAzure/Windows 10 – You can use your Authenticator App to sign in
Going the same way than Windows Hello for Business, you can now use your Microsoft Authenticator app to sign in to your corporate resources protected by Azure AD (Azure, Office 365, Azure published apps…) You need off course few prerequisites: Running Windows 10, registered to your Azure AD tenant Have setup an authentication policy on your Azure AD Have register your Microsoft Authenticator app Setup the authentication policy on Azure…
Read MoreAzure – Azure AD authentication available in preview for Azure Files
You may already know Azure Files service allowing you to use Azure as files ‘server’ and off course Azure AD to manage authentication to your Microsoft cloud services (Azure and/or Office 365). Well, good news, you can use Azure AD to leverage authentication to access Azure Files; meaning you can set NTFS like permissions on Azure Files. Off course the existing storage account key process is still supported and available.…
Read MoreAzure AD – New location to manage guest and organizational relationship
Azure AD has been updated with a new configuration blade called Organizational Relationships.This new configuration blade is the new location to manage guest users permissions and invitations You now have access to a comprehensive list of users from external organizations (guest) with the option (as you already from the users list) to create a new guest By the way the invitation email has been also updated to use your…
Read More
Recent Comments