Azure AD Connect – Configure the “Enable-ADSyncExportDeletionThreshold” wisely

Today I would like to shed some light on the cmdlet “Enable-ADSyncExportDeletionThreshold”, which comes with Azure AD Connect. If you are using Azure AD Connect to synchronize your on-premises Active Directory to Azure Active Directory, Azure AD Connect will never execute a batch of more than 500 objects to delete. You can check the current value by using “Get-ADSyncExportDeletionThreshold”:


Azure AD – Change from ADFS to pass-through Authentication

Since pass-through authentication is GA and the major limitations are gone, I decided to change my Azure AD authentication against my local AD from ADFS to the pass-through authentication provided with Azure AD Connect.
For those who are not that familiar with the concept of pass-through authentication, you will find all the information in the Microsoft article “How it works”. The picture below is from this article as well.


ADFS – Single Sign On with automatic Login on Edge Browser

Today I would like to share my experience when it comes to adding a user agent (e.g. a browser) to the list of Single Sign-On capable applications. There is quite a good article from Microsoft that describes how to add a user agent to the ADFS configuration; you will find it here:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia

Azure Information Protection: If OS {7, 8, 10} and Office {2010, 2013, 2016, 365} which Clients do I need for AIP?

Currently, many customers who are looking for a solution to protect their content find themselves within the Microsoft Office 365 and Azure ecosystem and realize that they might already be able to use a solution for information protection. But this often leads to the question: how can I, and more importantly, how can my users, take advantage of Azure Information Protection (AIP)?
I will try to answer those questions in this blog post.

Azure AD Domain Services – What you can do, and what you can’t do

Since Microsoft released Azure AD Domain Services, many questions have come up, and the top one might be: can I join my Windows 10 client to my domain through the internet and receive Group Policies? No, you can’t.
But besides this, there are other questions that remain to be answered, and I will try to do so.
The first thing to explain is what is required to get Azure AD Domain Services (AAD DS) up and running:
1. Create a group in Azure AD called “AAD DC Administrators”
2. Create a VNET in Azure if one does not already exist
3. Activate the AAD DS in the Azure Portal
4. Update the DNS settings for the specific VNET
And now you are ready to go. For a more detailed explanation, refer to this Microsoft article.


Azure AD – Remove Registered Device

Today I was asked how to remove a registered device from Azure Active Directory. For all of those asking what a registered device is, see this Azure article; you can also automate this step for your users if you follow this Azure article. But what if you would like to remove the registered device of a user? You can do that through the Portal.
Or you can use PowerShell to do that!