70-742 Additional Notes – On-Prem AD Integration with Azure

December 7, 2017 at 9:44 pm

Azure

Want to integrate your on-prem Active Directory with Azure? Azure AD Connect is the answer (for now!). The techniques for doing this have changed many times over the years, so the document linked below lays out the current options and compares them:

AD to Azure Integration Options

This connectivity provides the following:

  • Users can use a single identity to access on-premises applications and cloud services such as Office 365
  • Single tool to provide an easy deployment experience for synchronization and sign-in
  • Provides the newest capabilities for your scenarios; Azure AD Connect replaces older versions of identity integration tools such as DirSync and Azure AD Sync; see the link above

Azure AD Connect consists of the following three components:

  • Synchronization – this component is responsible for creating users, groups, and other objects in Azure AD and for keeping the identity information for your on-premises users and groups matching what is in the cloud; when password hash synchronization is enabled it is also the component that carries the password hashes up
  • AD FS – federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure; organizations use it to address complex deployments, such as domain-join SSO, enforcement of AD sign-in policy, and smart card or third-party MFA
  • Health Monitoring – Azure AD Connect Health can provide robust monitoring and provide a central location in the Azure portal to view this activity
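To make the synchronization component concrete, here is an added PowerShell example (not from the original post) that checks the sync scheduler on an Azure AD Connect server, runs a delta sync, and audits which principals hold the directory replication rights that password hash sync requires. It assumes the ADSync module that ships with Azure AD Connect and the ActiveDirectory RSAT module; nothing else is hard-coded.

```powershell
# Added example: inspect the Azure AD Connect sync scheduler, run a delta sync, and
# audit who holds directory replication rights on the domain naming context.
# Run on the Azure AD Connect server as a member of the local ADSyncAdmins group
# (the ADSync module ships with Azure AD Connect); the ActiveDirectory RSAT module
# is needed for the ACL check.

Import-Module ADSync
Import-Module ActiveDirectory

# 1. Scheduler state: is the sync cycle enabled, and is this server in staging mode?
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled    = $sched.SyncCycleEnabled
    StagingModeEnabled  = $sched.StagingModeEnabled
    EffectiveInterval   = $sched.CurrentlyEffectiveSyncCycleInterval
    NextCycleStartUTC   = $sched.NextSyncCycleStartTimeInUTC
    SyncCycleInProgress = $sched.SyncCycleInProgress
} | Format-List

# 2. Connectors: one AD DS connector per on-prem forest plus the Azure AD connector.
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName | Format-Table -AutoSize

# 3. Kick off a delta sync (Initial = full import and sync; Delta = changes only).
if (-not $sched.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
}

# 4. Security check: password hash sync requires the AD DS connector account to hold
#    the DS-Replication-Get-Changes and DS-Replication-Get-Changes-All extended rights
#    on the domain naming context, the same rights a DCSync attack abuses. List every
#    explicit holder so unexpected principals stand out. (Principals with GenericAll,
#    such as Domain Admins, hold the rights implicitly and are not matched here.)
$getChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$getChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
$domainDn = (Get-ADDomain).DistinguishedName
$acl = Get-Acl -Path "AD:\$domainDn"
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights -match 'ExtendedRight' -and
        ($_.ObjectType -eq $getChanges -or $_.ObjectType -eq $getChangesAll)
    } |
    Select-Object IdentityReference,
        @{ n = 'Right'; e = { if ($_.ObjectType -eq $getChangesAll) { 'Get-Changes-All' } else { 'Get-Changes' } } } |
    Sort-Object IdentityReference |
    Format-Table -AutoSize
```

Expect the AD DS connector account (MSOL_xxxxxxxx by default) to appear alongside built-in groups such as Administrators and Domain Controllers; any other principal holding Get-Changes-All deserves an explanation, because that right is enough to pull every password hash in the domain.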

Before installing, go through the hardware and software requirements (linked below) carefully; the Express Settings option only works if every one of these prerequisites is met. Note also that on-prem AD Federation Services is not a requirement: federation is optional, and synchronization with password hash sync works without it. One caveat the requirements page does not spell out: treat the server you install Azure AD Connect on as a Tier 0 asset, on a par with a domain controller. It holds credentials for both directories, and with password hash synchronization its AD DS connector account is granted directory replication rights on the domain, which is all an attacker needs to extract every password hash.

Installation Requirements

Finally, here is a link to the Express Settings step-by-step:

Express Settings 

What was on Fire at Microsoft Ignite 2017?

October 2, 2017 at 3:17 pm

Ignite

This conference was certainly short on big product announcements, but it was long on visions for the future involving super exciting emerging technologies. Below is a list of hot topics from Microsoft at the event!

  • The keynote set the tone by emphasizing mixed reality, artificial intelligence (AI), and quantum computing; all of these are impacting key Microsoft products including Microsoft 365, Dynamics 365, and Azure
    • Microsoft 365 refers to Office 365, Windows 10, and Enterprise Mobility + Security plus other Microsoft apps
    • Dynamics 365 refers to Microsoft’s cloud-based ERP and CRM enterprise system
    • Azure is Microsoft’s public cloud offering
  • Microsoft is pushing a new programming language aimed at quantum computing
  • Microsoft 365 F1
  • Microsoft 365 Education
  • Microsoft 365 Powered Devices
  • Teams (replacing Skype for Business)
  • Bing with AI
  • LinkedIn Profile Cards in more and more MS apps
  • Windows AutoPilot – a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use; also, you can use Windows AutoPilot to reset, repurpose and recover devices
  • ATP – Windows Defender Advanced Threat Protection
  • Azure
    • Stack Shipping
    • Hybrid Benefit
    • Cost Management
    • Security Center
    • Machine Learning
    • Cosmos DB
    • Cognitive Services
  • SQL Server
    • Linux and Docker support
    • DB Migration Service (to Azure)
    • SQL Data Warehouse

Microsoft

70-742 Additional Notes – AD FS, WAP, and Preauthentication

September 18, 2017 at 11:07 am

When you publish an application through AD FS and the Web Application Proxy (WAP), you choose one of two preauthentication methods: AD FS, where WAP authenticates the client against AD FS before any request reaches the backend, or pass-through, where WAP forwards every request unauthenticated and the backend is on its own. With the AD FS method you also choose a preauthentication type that matches how the client authenticates. Here is a recap of when you would use the various methods and types:

  • AD FS preauthentication method
    • Type – Web and MSOFBA
      • WebApplication
      • Rich Office Client
      • SharePoint
      • Office Server
      • Custom WebApp
    • Type – HTTP Basic
      • Rich Client without HTTP Redirection
      • Exchange ActiveSync
      • Remote Desktop Gateway
    • Type – OAuth2
      • Application using OAuth2
      • Windows Store Apps
      • Custom Application
  • Pass-Through preauthentication method 
    • No authentication
    • Forward authentication
    • Anonymous website
    • Legacy application
    • Public website
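The same choice expressed in PowerShell, as an added example that is not part of the original post: one application published with AD FS preauthentication and one with pass-through, followed by a check that lists everything reaching a backend without preauthentication. The application names, URLs and certificate thumbprint are placeholders, and the relying party trust named for the claims-aware app is assumed to already exist in AD FS.

```powershell
# Added example: publish two applications through Web Application Proxy, one with
# AD FS preauthentication (claims-aware web app) and one with pass-through, then list
# everything published without preauthentication. Run on the WAP server as a local
# administrator after Install-WebApplicationProxy has joined it to the AD FS farm.
# Names, URLs and the thumbprint are placeholders for illustration.

Import-Module WebApplicationProxy

# Thumbprint of the certificate bound to the external URL (placeholder value).
$certThumb = 'A1B2C3D4E5F60718293A4B5C6D7E8F9012345678'

# AD FS preauthentication: WAP redirects unauthenticated browsers to AD FS and only
# forwards requests that carry a valid AD FS token. The relying party trust named in
# -ADFSRelyingPartyName must already exist (Add-AdfsRelyingPartyTrust).
Add-WebApplicationProxyApplication `
    -Name 'Claims Web App' `
    -ExternalPreauthentication ADFS `
    -ExternalUrl 'https://app.contoso.com/' `
    -ExternalCertificateThumbprint $certThumb `
    -BackendServerUrl 'https://app.corp.contoso.com/' `
    -ADFSRelyingPartyName 'Claims Web App'

# Pass-through: WAP authenticates nothing and forwards every request. Use it only when
# the backend performs its own authentication or the content is genuinely public.
Add-WebApplicationProxyApplication `
    -Name 'Public Site' `
    -ExternalPreauthentication PassThrough `
    -ExternalUrl 'https://www.contoso.com/' `
    -ExternalCertificateThumbprint $certThumb `
    -BackendServerUrl 'https://web01.corp.contoso.com/'

# Audit: which published applications reach their backend with no preauthentication?
Get-WebApplicationProxyApplication |
    Where-Object { $_.ExternalPreauthentication -eq 'PassThrough' } |
    Select-Object Name, ExternalUrl, BackendServerUrl |
    Format-Table -AutoSize
```

The wizard's HTTP Basic and OAuth2 types correspond to further values of -ExternalPreauthentication (ADFSforRichClients and ADFSforOAuth on Windows Server 2016); confirm the exact values accepted by your build with Get-Help Add-WebApplicationProxyApplication -Parameter ExternalPreauthentication before scripting them. Review the pass-through list regularly: every entry on it is an internet-facing path into the backend that AD FS never sees.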

70-742 Additional Notes – Restoring the Default GPOs

September 17, 2017 at 10:10 pm

70-742

You may find yourself in a situation where you need to restore the Default Domain Policy or the Default Domain Controllers Policy to its original configuration. Thankfully, there is a tool for this: the aptly named dcgpofix.exe command-line tool, which you run on a domain controller. This tool offers the following options:

  • /ignoreschema – permits the command to run regardless of the AD schema version in use; without it, dcgpofix checks that the schema version matches the one it expects and refuses to run otherwise
  • /target:{Domain | DC | Both} – specifies which GPO to restore: the Default Domain Policy, the Default Domain Controllers Policy, or both (the default if /target is omitted)
  • /? – displays help for the command

Be aware that dcgpofix does not restore a GPO from a backup; it recreates the default settings as they were when the domain was created, so any customizations made since (password and lockout policy, audit policy, user rights assignments) are lost. Back the GPO up with Backup-GPO before running it.
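As an added example (not from the original post), here is the procedure a practitioner would actually follow: back up both default GPOs, reset one of them with dcgpofix, and verify the result. It assumes the GroupPolicy RSAT module and a backup folder path chosen for illustration.

```powershell
# Added example: back up the two default GPOs, reset one with dcgpofix, and verify.
# Run in an elevated PowerShell on a domain controller as a Domain Admin.
# The backup path is an assumption.

Import-Module GroupPolicy

$backupPath = 'C:\GPOBackup'
New-Item -ItemType Directory -Path $backupPath -Force | Out-Null

# 1. Back up first: dcgpofix resets the GPO to the state it had when the domain was
#    created, so every customization (password policy, audit policy, user rights
#    assignments, Kerberos settings) is lost. Keep an HTML report too, so the old
#    settings can be read without restoring anything.
$defaults = 'Default Domain Policy', 'Default Domain Controllers Policy'
foreach ($name in $defaults) {
    Backup-GPO -Name $name -Path $backupPath -Comment "Pre-dcgpofix $(Get-Date -Format s)"
    Get-GPOReport -Name $name -ReportType Html -Path (Join-Path $backupPath "$($name -replace ' ', '_').html")
}

# 2. Reset only the Default Domain Controllers Policy (target values: Domain, DC, Both).
#    dcgpofix asks for confirmation before it proceeds; add /ignoreschema only if it
#    stops on a schema-version check you have already investigated.
dcgpofix /target:DC

# 3. Verify: the modification time should now be current, and a fresh report should
#    show only the original defaults.
Get-GPO -Name 'Default Domain Controllers Policy' |
    Select-Object DisplayName, Id, ModificationTime, GpoStatus

# If the reset turns out to be a mistake, Restore-GPO brings back the pre-dcgpofix backup:
# Restore-GPO -Name 'Default Domain Controllers Policy' -Path $backupPath
```

Resetting the Default Domain Controllers Policy also resets the user rights assignments on every DC, so expect to re-apply anything you granted to service or backup accounts there.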

70-742 Additional Notes – Federation Services Cmdlets for PowerShell

September 16, 2017 at 11:50 am

Be sure to run through these useful cmdlets for the management of Active Directory Federation Services. Remember, don’t go crazy with memorization here on cmdlets. Just remember the verb-noun syntax and review the list to see what is possible. Once again – don’t miss the READ MORE button in the blog post to see the complete list:
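Before the list itself, an added PowerShell example (not from the original post) of the verb-noun approach in practice: discover the module by verb, then use a handful of the Get- cmdlets for a quick security review of the Federation Service. It assumes the ADFS module on an AD FS server; the 60-day expiry window is an arbitrary threshold.

```powershell
# Added example: explore the ADFS module by verb, then run a few Get-* cmdlets as a
# quick security review. Run on an AD FS server as an AD FS administrator.

Import-Module ADFS

# Verb-noun discovery: cmdlet count per verb, and every noun the Add- verb covers.
Get-Command -Module ADFS | Group-Object Verb | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize
Get-Command -Module ADFS -Verb Add | Select-Object -ExpandProperty Name

# Token-signing, token-decrypting and service communications certificates:
# flag anything that expires within 60 days (threshold is an assumption).
Get-AdfsCertificate |
    Select-Object CertificateType, IsPrimary, Thumbprint,
        @{ n = 'NotAfter';     e = { $_.Certificate.NotAfter } },
        @{ n = 'ExpiresSoon';  e = { $_.Certificate.NotAfter -lt (Get-Date).AddDays(60) } } |
    Format-Table -AutoSize

# Relying party trusts that still sign tokens with SHA-1, or that permit everyone
# who can authenticate (the wizard's "Permit all users" rule or the 2016
# "Permit everyone" access control policy).
$sha1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
Get-AdfsRelyingPartyTrust |
    Where-Object { $_.Enabled } |
    Select-Object Name,
        @{ n = 'Identifier';     e = { $_.Identifier -join ', ' } },
        @{ n = 'SHA1Signing';    e = { $_.SignatureAlgorithm -eq $sha1 } },
        @{ n = 'PermitEveryone'; e = {
            ($_.IssuanceAuthorizationRules -match 'AllowAllAuthzRule') -or
            ($_.AccessControlPolicyName -eq 'Permit everyone') } },
        TokenLifetime |
    Format-Table -AutoSize

# OAuth 2.0 clients registered with Add-AdfsClient: look for redirect URIs you do
# not recognise, since a token can be sent to any of them.
Get-AdfsClient | Select-Object Name, ClientId, RedirectUri | Format-Table -AutoSize
```

None of this changes anything; the matching Set-, Remove- and Disable- cmdlets in the list below are where the fixes live (Set-AdfsRelyingPartyTrust -SignatureAlgorithm for the SHA-1 finding, for instance).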

  • Add-AdfsAttributeStore
    Adds an attribute store to the Federation Service.
  • Add-AdfsCertificate
    Adds a new certificate to AD FS for signing, decrypting, or securing communications.
  • Add-AdfsClaimDescription
    Adds a claim description to the Federation Service.
  • Add-AdfsClaimsProviderTrust
    Adds a new claims provider trust to the Federation Service.
  • Add-AdfsClaimsProviderTrustsGroup
    Creates a claims provider trust group based on metadata that contains multiple entities.
  • Add-AdfsClient
    Registers an OAuth 2.0 client with AD FS.
  • Add-AdfsDeviceRegistrationUpnSuffix
    Adds a custom UPN suffix.
  • Add-AdfsFarmNode
    Adds this computer to an existing federation server farm.
  • Add-AdfsLocalClaimsProviderTrust
    Creates a local claims provider trust.
  • Add-AdfsNativeClientApplication
    Adds a native client application role to an application in AD FS.
  • Add-AdfsNonClaimsAwareRelyingPartyTrust
    Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service.
  • Add-AdfsRelyingPartyTrust
    Adds a new relying party trust to the Federation Service.
  • Add-AdfsRelyingPartyTrustsGroup
    Creates a relying party trusts group.
  • Add-AdfsScopeDescription
    Adds a scope description in AD FS.
  • Add-AdfsServerApplication
    Adds a server application role to an application in AD FS.
  • Add-AdfsTrustedFederationPartner
    Adds configuration settings for trusted federation partners in AD FS.
  • Add-AdfsWebApiApplication
    Adds a Web API application role to an application in AD FS.
  • Add-AdfsWebApplicationProxyRelyingPartyTrust
    Adds a relying party trust for the Web Application Proxy.
  • Disable-AdfsApplicationGroup
    Disables an application group.