Author Archives: Paul Williams

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.

#ADFS, IWA and the WIASupportedUserAgents property

Recently, I’ve found myself answering several questions and writing emails and some change control paperwork on the topic of Integrated Windows Authentication (IWA) in AD FS. I’m going to commit the behaviour to this blog for posterity and easy (lazy) …

Posted in AD FS

#ADFS and #MFA load balancer guidance

When designing Active Directory Federation Services (AD FS), my actual involvement with the networking guys who handle the load balancer configuration is generally limited to a few calls and emails. We provide some requirements in the form of availability and …

Posted in AD FS, Azure MFA | 3 Comments

Controlling or scoping the synchronisation of #AzureAD DRS devices back to your on-premises #ActiveDirectory forest using #AADConnect

Azure Active Directory (Azure AD, AAD) Connect can optionally synchronise Azure AD device objects, registered either via Azure Device Registration Service (Azure DRS); Intune; or Office 365 Mobile Device Management (MDM), back to your on-premises Active Directory Domain Services (AD …

Posted in AADSync, Azure AD Connect

Multi-Factor Authentication and multiple identity providers

When you implement an additional authentication provider in your Active Directory Federation Services (AD FS) identity provider (IdP) you soon start getting all manner of requests from application owners/managers within the business for multi-factor authentication (MFA) configuration. For the most …

Posted in AD FS | 2 Comments

Time for a change

When I first created this blog several years back WordPress asked me for a catchy site title and a brief synopsis for the site tagline. I hadn’t really thought about this, so looked at the pre-filled strings and largely accepted …

Posted in About

Active Directory Federation Services (#ADFS) Single Sign On (SSO) and token lifetime settings

To understand Single Sign-On (SSO) and Persistent Single Sign-On (PSSO) in Active Directory Federation Services (AD FS) you must first understand the authentication cookie. After the initial logon is validated an authentication cookie is written to the client (typically a …

Posted in AD FS | 1 Comment

Adding a link to the #AzureAD Password Reset web site in your #ADFS forms-based sign-in pages

Implementing Azure Active Directory Password Reset? Want to make it a bit easier for your users who log on to Azure AD using federated identities to get to the self-service password reset and/or unlock portal? Take the following customised forms-based authentication …

Posted in AD FS