Hasta La Vista ADFS – Migrate from AD FS to Azure AD with style

Microsoft introduced the AD FS application activity report (preview) and Azure AD staged rollout (preview) back in November 2019. These announcements are a great opportunity to start planning in 2020 to get rid of your AD FS environments. Throughout this post I will see whether these tools can speed up the migration process. Why start this project when my ADFS environment is working “perfectly” and our…

SAML – Azure AD AADSTS75011: authentication method ‘x509, Multifactor’

I had some trouble with an Azure AD integration with a third-party SAML application. The users got an Azure AD prompt with the error below: AADSTS75011 authentication method ‘x509, Multifactor’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’. Related to the failed login screen below, most logins were successful and looking into the user getting failure, the problem could…

FEITIAN FIDO Keys for Passwordless

I have gotten some new FIDO keys from FEITIAN, and have done some testing to see how they work with Azure AD and Passwordless. So this blog post is more of a follow-up to the last post, https://alven.tech/passwordless-with-windows-10-and-yubikey Heard about FEITIAN? I certainly had never heard of them before, and first came across FEITIAN when Microsoft announced the partners for FIDO support. https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Microsoft-passwordless-partnership-leads-to-innovation-and-great/ba-p/566493 Looking more into FEITIAN…

Passwordless with Windows 10 and Yubikey

Look at these guys! They are so happy, they have gotten their Yubikeys and are ready for some Passwordless Authentication with Windows 10. In March I posted a blog post about using Yubikey with Azure AD – https://alven.tech/yubico-with-azure-ad-mfa/, so this post is a follow-up since Microsoft now has support for passwordless and FIDO2 with Windows 10 (still only preview). In this post, I will go through…

Intune – iOS Company Portal not downloading (user affinity)

KEEP CALM AND COMPANY PORTAL WILL COME. In 2019, I have been working on an MDM iOS migration project from Jamf to Intune. In this project, we got some problems regarding Intune and Company Portal (VPP) not being downloaded with User affinity Enrollment profiles for iOS. Through this post I want to give some more insight/details regarding this issue, and how we “Solved” (workaround) it. One of the technical requirements…

Yubico with Azure AD MFA

I recently bought the Yubikey 5C and Yubikey NFC from yubico.com. Yubico is, in short, the company behind the Yubikey hardware authentication device, which supports the OTP, U2F and FIDO2 protocols. You can read much more information and details at yubico.com. Since I’m interested in security and identity authentication, I wanted to do more testing with Azure MFA for OATH hardware tokens (public preview) and Windows 10 Passwordless…

Azure Migrate <3 GDPR

I have been following the development of Azure Migrate since my first trip to Ignite in 2017, and have been looking forward to getting this to EU regions, but I have been waiting with patience 🙂 The first time I thought Microsoft was going to release Azure Migrate for EU regions was back at TechSummit in Paris, March 2018. The release would have been a perfect fit…

Kerberos authentication and HTTP header size

For the last 4 years I have worked with developers to use modern identity protocols (SAML, OAuth, OIDC) on ADFS, Azure AD Enterprise Applications, Azure Application Proxy or G Suite for their applications. But from time to time I come across applications that cannot use ADFS or Azure AD etc., and the last time this happened was just before Christmas, when I was working with a customer…

Multi-valued attributes with AD Connect and Azure AD

I was working with a use case on adding multi-value attributes for dynamic groups in Azure AD. I started off looking for on-prem AD attributes we could use for the multi-value string. To find these attributes I started PowerShell to get the AD Schema loaded. The next step was to add the optional (multi-value) attributes that I could use for testing. To filter the attributes I…

Connecting your on-premises lab to Azure with Azure Site-to-Site VPN

When running VMs in the cloud you need to consider cost as part of your lab. And since running compute in Azure and AWS could be costly when you need to run your ADFS, AD Connect, AD and SQL etc. 24/7, it’s still practical to have a lab on-prem. This article will go through the steps on how you can get your hybrid lab up…