Monthly Archives: July 2016

Controlling or scoping the synchronisation of #AzureAD DRS devices back to your on-premises #ActiveDirectory forest using #AADConnect

Azure Active Directory (Azure AD, AAD) Connect can optionally synchronise Azure AD device objects, registered via Azure Device Registration Service (Azure DRS), Intune, or Office 365 Mobile Device Management (MDM), back to your on-premises Active Directory Domain Services (AD …

Posted in AADSync, Azure AD Connect

Multi-Factor Authentication and multiple identity providers

When you implement an additional authentication provider in your Active Directory Federation Services (AD FS) identity provider (IdP), you soon start getting all manner of requests from application owners/managers within the business for multi-factor authentication (MFA) configuration. For the most …

Posted in AD FS

Time for a change

When I first created this blog several years back WordPress asked me for a catchy site title and a brief synopsis for the site tagline. I hadn’t really thought about this, so looked at the pre-filled strings and largely accepted …

Posted in About

Active Directory Federation Services (#ADFS) Single Sign On (SSO) and token lifetime settings

To understand Single Sign-On (SSO) and Persistent Single Sign-On (PSSO) in Active Directory Federation Services (AD FS), you must first understand the authentication cookie. After the initial logon is validated, an authentication cookie is written to the client (typically a …

Posted in AD FS

Adding a link to the #AzureAD Password Reset web site in your #ADFS forms-based sign-in pages

Implementing Azure Active Directory Password Reset? Want to make it a bit easier for your users who log on to Azure AD using federated identities to get to the self-service password reset and/or unlock portal? Take the following customised forms-based authentication …

Posted in AD FS

Integrated Windows Authentication (IWA) with Enhanced Protection for Authentication (EPA) and Chrome–it now works!

Some time back I posted quite a popular post describing the effect of a bug in Chrome that prevented the use of Enhanced Protection for Authentication, a.k.a. TLS channel binding, when authenticating via Integrated Windows Authentication (IWA). I cared about …

Posted in AD FS, News

Azure Multi-Factor Authentication (#AzureMFA) and Active Directory Federation Services (#ADFS)

Today, implementing Azure Multi-Factor Authentication (MFA) in a hybrid identity and access management solution based on Azure Active Directory (Azure AD, AAD) and Active Directory Federation Services (AD FS) more often than not requires that you implement the on-premises Azure …

Posted in AD FS, Azure MFA