It’s Time to Move to EDGE Mobile! Back in November 2019 the Managed browser was announced to be retired March 31 2020. Already from February 1, 2020, the Intune Managed Application was going to removed from Google Play Store and iOS App Store. Since March is right around the corner, it’s about time to get prepared to do the switch. Regarding a smooth transition, Microsoft…
Gearing up for Azure AD Connect cloud provisioning
In this post, we will cover the Azure AD Connect cloud provisioning (preview) released in November 2019. The Cloud provisioning is an Agent that can bridge between on-prem and Azure AD to sync users. I don’t see cloud provisioning as a replacement for AD Connect, but more like simplifying the way to configure user provisioning, across more complex setups with multiple or disconnected forests. Trying…
Hasta La Vista ADFS – Migrate from AD FS to Azure AD with style
Microsoft introduced AD FS application activity report (preview) and Azure AD staged rollout (preview) back in November 2019. These announcements are great opportunities to start the planning year 2020, to get rid of your AD FS environments. I will throughout this post see if these tools can speed up the migration processes. Why start this project when my ADFS environment is working “perfectly” and our…
SAML – Azure AD AADSTS75011: authentication method ‘x509′,’Multifactor’
I had some trouble with an Azure AD integration with a 3.party SAML application. The users got Azure AD prompt, with the error below: AADSTS75011 authentication method ‘x509′, Multifactor’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’. Related to the failed login screen below, most logins were successful and looking into the user getting failure, the problem could…
FEITIAN FIDO Keys for Passwordless
I have gotten some new FIDO keys from FEITIAN, and have done some testing to see how they work with Azure AD and Passwordless.So this Blogpost is more like the following up series, from the last post https://alven.tech/passwordless-with-windows-10-and-yubikey Heard about Feitan? I certainly never heard about them before, and first came across FEITIAN, when Microsoft announced the partners for FIDO support.https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Microsoft-passwordless-partnership-leads-to-innovation-and-great/ba-p/566493 Looking more into FEITIAN…
Passwordless with Windows 10 and Yubikey
Look at these guys! They are so happy, they have gotten their Yubikey’s and are ready for some Passwordless Authentication with Windows 10. In March I posted a blog post about using Yubikey with Azure AD – https://alven.tech/yubico-with-azure-ad-mfa/, So this post is a follow-up since Microsoft has now support for passwordless and Fido2 with Windows 10 (still only preview).In his post, I will go through…
Intune – iOS Company Portal not downloading (user affinity)
In 2019, I have been working on an MDM iOS migration project from Jamf to Intune. In this project, we got some problems regarding Intune and Company Portal (VPP) not being downloaded with User affinity Enrollment profiles for iOS. Trough this post I want to give some more insight/details regarding this issue, and how we “Solved” (workaround) it. One of the technical requirements for Intune…
Yubico with Azure AD MFA
I recently bought the Yubikey 5C and Yubikey NFC from yubico.com. Yubico is in short summary a company behind Yubikey hardware auth device supporting (OTP,U2F and FIDO2) protocols. You can read much more information and details at yubico.com. Since I’m Interested In Security and Identity authentication, I wanted to do more testing with Azure MFA for OATH hardware tokens (public preview) and Windows 10 Passwordless…
Azure Migrate <3 GDPR
I have been following the development of Azure Migrate since my first trip to Ignite in 2017, and have been looking forward to getting this to EU regions, but I have been waiting with patience 🙂 The first time I thought Microsoft was to release Azure Migrate for EU Regions, was back in TechSummit in Paris, March 2018. The release would have been a perfect fit…
Kerberos authentication and HTTP header size
The last 4 years I have worked with developers to use modern Identity protocols like (SAML, OAuth, OIDC) on ADFS, Azure AD Enterprise Applications, Azure Application Proxy or G Suite for their applications. But from time to time I come over applications that cannot use ADFS or Azure AD etc, and the last time happened just before Christmas when I was working with a customer…
