User Profile
BrjannBrekkan
Joined 10 years ago
Recent Discussions
Re: AAD Connect + Ping Federate
You are correct - a domain in Azure AD can't be federated to two different federation endpoints. Perhaps an alternate way to accomplish this is to enable password hash sync and fall back to that to minimize user impact; then you can switch the federation provider and turn it back to federation (unless you see that PHS is a really good way to do auth and choose to simplify your setup by removing federation altogether). Recommend looking at the deployment guides for ADFS to PHS here: http://aka.ms/deploymentplans
Brjann

Re: AAD Connect + Ping Federate
I would recommend connecting with the Ping Identity sales team. Ping Access is not seen as an upgrade to or a replacement for Ping Federate - they play different roles in your access strategy, but it would be wrong of me to try and explain that. In Azure AD there is one component that does all the authentication, federation and SSO capabilities, similar to what Ping Fed/ADFS does on premises, and then the Application Proxy is about taking an internal web application and making it available to end users that are outside the network.
Brjann

Re: Azure AD group-based license management for Office 365 and more
Not a good idea, as when you clear the membership GBL will trigger a removal of the license and then you would have to re-apply them and hope that your timing matches that of GBL updating the assignments in Office, for example. You will likely get some very unpredictable results if you keep running this on your groups. I understand that you are doing this as a simple version of dynamic groups, which is an Azure AD Premium feature, but you have to change the logic to not remove a member unless he/she is really removed.
Brjann

Re: Agent for Identity Manager to sync to Azure AD
Yes, highly recommended to run Azure AD Connect as your identity bridge between on premises and cloud, as it is frequently updated in sync with updates in Azure AD as well as in Office 365 in hybrid mode. In a FIM/MIM instance these frequent updates on the connector could make updates/changes that affect other connectors, and more often than not organizations really don't want to touch their configured connectors and sync schedules. So yes, the best practice is to have Azure AD Connect be your connection between AD and Azure AD.
Brjann

Re: Did Azure AD MFA change this weekend?
It's been a long time since you asked this, but I want to follow up and see if you are still seeing issues with your MFA experience. Sounds like your device has been allowed to save its credentials for an amount of time and doesn't need to prompt every time. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next#remember-multi-factor-authentication-for-devices-that-users-trust
Brjann Brekkan

Re: AAD Connect + Ping Federate
The integration with Ping is really around Ping Access, and we released the preview together with Ping just a few days ago. https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/ The Ping Federate integration is purely a feature that will allow Azure AD Connect to launch the setup of Ping Federate. Just like with AD FS, there is no integration needed with Azure AD Connect after the initial setup. Ping Federate has been a supported Azure AD compatible federation provider for many years and that doesn't change with this.
Brjann Brekkan - Azure AD Program Manager

Re: Single Sign On (SSO) with SAP / Fiori
Yes, there are plenty of SAP and Azure AD SSO integrations already done; see this search on our marketplace for details on each of them: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/category/azure-active-directory-apps?page=1&search=sap Here is a great blog on SAP.com as well: https://blogs.sap.com/2017/02/20/your-s4hana-environment-part-7-fiori-launchpad-saml-single-sing-on-with-azure-ad/
Brjann Brekkan - Azure AD Program Manager

Re: Unable to open Documents from SharePoint/OneDrive with Office 2013
The only way I can think of that a trusted sites change would matter is if this change meant that you moved the site in or out of being able to do SSO (using the same as with the Intranet Zone). Could be other things in there as well, as it is a more relaxed security setting. The ADFS page not being presented really sounds like you did move a site that previously wasn't doing integrated auth to now trying to do that. I would recommend installing Fiddler on the box and capturing the traffic, and perhaps even more importantly connecting with our Support team to help you track this down, as they know exactly how to capture the traffic and do the analysis that might take you hours/days.
Brjann

Re: Non-Windows 10 devices registration in AAD with Pass-Through Authentication (PTA)
To support Automatic Registration of domain joined Win 7/8 devices you do need AD FS. We are investigating if we can enable this together with PTA, but nothing to announce or confirm at this time.
Brjann Brekkan - Azure AD Program Manager

Re: New AAD Connect version available (1.1.443.0)
Oh yes, please ensure that you all get over to Azure AD Connect. Mainstream support for DirSync and AADSync goes away on April 13, 2017. https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-deprecated#deprecation-schedule

Re: Restricting client access to other Office 365 tenants
Currently Azure AD tenant restrictions is the way to accomplish this. Can you give an example of a scenario where you would have to restrict access when your users are not on your network? Say for example that one of your employees works for a non-profit or volunteers at a school that has O365, or they get invited by their kids to review their schoolwork on their school OneDrive. The only way to really accomplish that blocking would be to have your company laptops limit access in the local firewall (a feature we don't have today to do what tenant restrictions does, but do it client side).
Brjann - Azure AD Customer Success team

Re: Unable to open Documents from SharePoint/OneDrive with Office 2013
Obvious question perhaps, since you mention that your Office version is too old for ADAL auth, but could it be that modern auth has been switched on for the Office 365 tenant? Is this happening for all users?
Brjann - Azure AD Customer Success team

Re: SharePoint Online based Extranet as an App in the App Launcher for Partner organisations?
From the Azure AD side your partner admin would need to add your extranet site as an application and make that app available for self service so users can add it to their app panel. Like the scenario you are describing, enabling the partner end user to easily add your site into the launcher. I will give our B2B team the feedback. Self-service app management docs for your info: https://docs.microsoft.com/en-us/active-directory/active-directory-self-service-application-access
Brjann

Re: Azure MFA for specific Office 356 services.
With Azure AD you can't control access to a subset of SharePoint, but you can have a unique policy for SharePoint vs Exchange, for example. If you need deeper access controls inside of apps then you would need to look into Cloud App Security. https://www.microsoft.com/en-us/cloud-platform/cloud-app-security

Re: Preview of Azure AD Conditional Access Policies for devices, users and applications
Recommend looking into this architecture documentation, where you have a good description of the different settings. Intune is device-based policies, while Azure AD pivots on the identity and the service being accessed. With this new feature for device-based access control, an Azure AD policy can be defined to look for a device/PC that is domain joined, registered or even compliant. The compliant setting requires that the device is enrolled and reported as in compliance by Intune. https://technet.microsoft.com/en-us/library/dn919927.aspx#mobility
Recent Blog Articles
Unlock Proactive Defense: Microsoft Security Exposure Management Now Generally Available
As the digital landscape grows increasingly interconnected, defenders face a critical challenge: the data and insights from various security tools are often siloed or, at best, loosely integrated. Th...