ADFS – Single Sign On with automatic Login on Edge Browser

Today I would like to share my experience when it comes to adding a user agent (e.g. a browser) to the list of Single Sign-On capable applications. There is quite a good article from Microsoft that describes how to add a user agent to the ADFS configuration; you will find this article here:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia

Azure Information Protection: If OS {7, 8, 10} and Office {2010, 2013, 2016, 365} which Clients do I need for AIP?

Currently many customers are looking for a solution to protect their content. Finding themselves within the Microsoft Office 365 and Azure ecosystem, they realize that they might already be able to use a solution for information protection. But this often leads to the question: how can I, and more importantly, how can my users take advantage of Azure Information Protection (AIP)?
I will try to answer those questions within this Blog Post.

Azure AD Domain Services – What you can do, and what you can’t do

Since Microsoft released Azure AD Domain Services, many questions have come up, and the top one of them might be: Can I join my Windows 10 client through the internet to my domain and receive Group Policies? No, you can’t.
But besides this, there are other questions that remain to be answered, and I will try to do so.
The first thing is to explain what is required to get Azure AD Domain Services (AAD DS) up and running:
1. Create a group in Azure AD called “AAD DC Administrators”
2. Create a VNET in Azure if one does not already exist
3. Activate the AAD DS in the Azure Portal:
[Image: Active Azure AD Domain Services]
4. Update DNS Settings for the specific VNET
And now you are ready to go. For a more detailed explanation, refer to this Microsoft article.


Azure AD – Remove Registered Device

Today I was asked how to remove a registered device from Azure Active Directory. For all of those asking what a registered device is, see this Azure article; you can automate this step for your users if you follow this Azure article. But what if you would like to remove the registered device of a user? You can do that through the portal:
[Image: Azure AD Remove Device through Portal]
Or you can use PowerShell to do that!

Windows 10 – Deploy Profile Picture to Logon Screen

In my current deployment I wanted to get our fancy pictures from Active Directory onto our Windows 10 machines, where they can be used for the logon screen and other places like the Start menu:
[Image: Windows 10 Logon Screen User Picture]

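First, I want to let you know how I add the picture to my user accounts. Well, this is quite simple: I just use these two lines of PowerShell:
# Read the JPEG as raw bytes (Windows PowerShell 5.1 syntax; PowerShell 7+ uses -AsByteStream instead of -Encoding byte)
$userphoto = [byte[]](Get-Content "C:\temp\MYUserPic.jpg" -Encoding byte)
# Write the bytes to the user's thumbnailPhoto attribute (Set-ADUser comes from the ActiveDirectory module)
Set-ADUser -Identity MYUserPic -Replace @{thumbnailPhoto=$userphoto}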

If this is done, and you also have Azure AD Connect in place, your picture will be synced to Azure AD as well, and therefore the picture will show up in Office 365. Mind that there are different recommendations for specific systems (Exchange, Office 365, Skype for Business), but you can also use high-resolution images. See also this Microsoft Knowledge Base article for issues with pictures larger than 100 KB: Technet Article Exchange Online Hybrid Image size

ADFS – Install Web Application Proxy fails with 401: Unauthorized

Hi,

Today I faced the issue that when I tried to install my Web Application Proxy for ADFS, it permanently failed with Event ID 422:
[Image: AD FS Event ID 422]
With text:
Unable to retrieve proxy configuration data from the Federation Service.
Additional Data
Trust Certificate Thumbprint:
3CD8F7C4697ED510546F74C25B4FD4F8C183CE34

Status Code:
Unauthorized
Exception details:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()
--- End Snip ---
I was quite sure that I had everything quite well configured, and that I was using the correct certificate.