I had some trouble with an Azure AD integration with a 3.party SAML application. The users got Azure AD prompt, with the error below: AADSTS75011 authentication method ‘x509′, Multifactor’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’. Related to the failed login screen below, most logins were successful and looking into the user getting failure, the problem could…
FEITIAN FIDO Keys for Passwordless
I have gotten som new FIDO keys from FEITIAN, and have done some testing to see how they work with Azure AD and Passwordless.So this Blogpost is more like the following up series, from the last post https://alven.tech/passwordless-with-windows-10-and-yubikey Heard about Feitan? I certainly never heard about them before, and first came across FEITIAN, when Microsoft announced the partners for FIDO support.https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Microsoft-passwordless-partnership-leads-to-innovation-and-great/ba-p/566493 Looking more into FEITIAN…
Passwordless with Windows 10 and Yubikey
Look at these guys! They are so happy, they have gotten their Yubikey’s and are ready for some Passwordless Authentication with Windows 10. In March I posted a blog post about using Yubikey with Azure AD – https://alven.tech/yubico-with-azure-ad-mfa/, So this post is a follow-up since Microsoft has now support for passwordless and Fido2 with Windows 10 (still only preview).In his post, I will go through…
Intune – iOS Company Portal not downloading (user affinity)
In 2019, I have been working on an MDM iOS migration project from Jamf to Intune. In this project, we got some problems regarding Intune and Company Portal (VPP) not being downloaded with User affinity Enrollment profiles for iOS. Trough this post I want to give some more insight details regarding this issue, and how we “Solved” (workaround) it. One of the technical requirements for…
Yubico with Azure AD MFA
I recently bought the Yubikey 5C and Yubikey NFC from yubico.com. Yubico is in short summary a company behind Yubikey hardware auth device supporting (OTP,U2F and FIDO2) protocols. You can read much more information and details at yubico.com. Since I’m Interested In Security and Identity authentication, I wanted to do more testing with Azure MFA for OATH hardware tokens (public preview) and Windows 10 Passwordless…
Azure Migrate <3 GDPR
I have been following the development of Azure Migrate since my first trip to Ignite in 2017, and have been looking forward to getting this to EU regions, but I have been waiting with patience 🙂 The first time I thought Microsoft was to release Azure Migrate for EU Regions, was back in TechSummit in Paris, March 2018. The release would have been a perfect fit…
Kerberos authentication and HTTP header size
The last 4 years I have worked with developers to use modern Identity protocols like (SAML, OAuth, OIDC) on ADFS, Azure AD Enterprise Applications, Azure Application Proxy or G Suite for their applications. But from time to time I come over applications that cannot use ADFS or Azure AD etc, and the last time happened just before Christmas when I was working with a customer…
Multi-valued attributes with AD Connect and Azure AD
I was working with a use case on adding multi-value attributes for dynamic groups in Azure AD. I started off looking for on-prem AD attributes we could use for the multi-value string. To find these attributes I start PowerShell to get the AD Schema loaded. Next step was to add which optional attributes (muli-value) that I could use for testing. To filter the attributes I…
Connecting your on-premises lab to Azure with Azure Site-to-Site VPN
When running VM’s in the cloud you need to consider cost as part of your lab. And since running compute in Azure and AWS could be costly when you need to run your ADFS, AD Connect, AD and SQL etc 24/7, it’s still practical to have a lab on-prem. This article will go through the steps on how you can get your hybrid lab up…
