Here’s something I discovered recently and would like to share with you. If you are using Skype for Business Online and want to control access to it using Conditional Access policy, you should be aware that under certain circumstances the control can be completely bypassed. The problem has to do with the fact that Conditional Access… Read More »
I recently had a challenge with a customer that had on-premises Skype for Business (SfB) and were looking to migrate to SfB Online. They did not want to federate the two infrastructures, but instead wanted to undertake a re-pointing of users at a given point in time by modifying the DNS records. When they introduced… Read More »
Last week I came across an issue when attempting to create a new custom synchronisation rule in Azure AD Connect. When I tried to finish the wizard and add the rule, I received the error: “Object reference not set to an instance of an object”. The workaround is to add a tag to the rule… Read More »
I hit this problem while working with Azure AD Connect at a customer earlier this week. The situation was that AAD Connect had already been configured with Pass-Through Authentication, which was working as expected. The next step was to enable Seamless Single Sign-On, but this failed with the following: ‘Failed to create single sign-on secret… Read More »
This post provides a quick introduction to the features available with Azure Active Directory Business to Business (B2B) Collaboration – currently in Public Preview. I’ll cover how to add someone outside your organisation to your Azure AD instance, as well as how to assign administrative privilege over the Azure subscription to the external partner through RBAC… Read More »
Recently I set up Web Application Proxy (WAP) instances for a customer to support remote access to several on-premises web applications. I was looking for a cheap and effective means of ensuring the service continued to be available to clients in the event that one of the WAP instances went down. Someone recommended using Azure Traffic Manager (ATM)… Read More »
Qasim Zaidi has an old but really good blog entry on enabling change notification for Active Directory site links. For a long time now I’ve encouraged my customers (those with decent bandwidth between sites) to enable change notifications on site links rather than wait the 15 minutes (minimum) for replication between sites. Qasim’s blog references a Powershell… Read More »
The other day one of my customers was testing remote access to a web application via the Web Application Proxy (WAP). Everything seemed to working except some reports. These generated “HTTP Error 400. The request URL is invalid”. Given that the reports worked well inside the corporate network it pointed to an issue with the… Read More »
I recently helped a customer to set up a Web Application Proxy (WAP) service to do pre-authentication to a SAP CRM system. Within the network everything was working well via ADFS and authentication was just fine. Coming through the WAP however I got a 404 error. The SAP CRM debug log showed a difference in… Read More »
Here are two ways to find the GUID (also referred to as the TenantID) associated with your Azure Active Directory (AAD) instance. 1. Embedded in the URL in the Azure Portal Log into the Azure Portal. Select Active Directory from the left hand pane. Click on the Active Directory instance you are interested in (you… Read More »