Last week Microsoft made Azure AD conditional Access publicly available. Let me explain what it is and why we would like to have this.
What is it? First let’s talk about what it is. Azure AD conditional access lets you decide per application in Azure AD how your authentication should be handled. By default all the applications use the same kind of authentication. It does not matter if you are inside the company walls or at Starbucks.
This week I had a customer that has some data in their on-premises Active directory that we needed to use for a custom application in SharePoint Online. This data was placed in the ExtensionAttribute field of the user. With the latest version of Azure AD Connect we have the option to select attributes to sync to Azure Active Directory and that is what the customer did. https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-feature-directory-extensions/
This screenshot has selected division and employeeID, but in the complete list of available attributes there are also the ExtensionAttributes.
Last week Microsoft has send an email that on august 15th 2016 the Azure AD token-signing certificate would roll over and that I had some applications that is using this token-signing certificates. The list of applications contains all of them, this was not very useful.
Luckily there is a short step-by-step instruction with a link to a complete manual (https://azure.microsoft.com/en-us/documentation/articles/active-directory-signing-key-rollover)
Because I manage a few Azure Active directories like many developers, this was going to give me some work.
Last week I was getting complaints by users in our Office 365 environment that the address book in Exchange was not up to date. The issues was that users where getting email addresses with the .onmicrosoft.com as the default email address. The users with these onmicrosoft.com mail addresses where users that are in our on-premises Exchange environment.
The situation At this customer we have a select group of users in Office 365 and all other users are in an on-premises Exchange environment.
Two weeks after my visit to SharePoint Saturday Paris I visited SharePoint Saturday Netherlands. The schedule for today was a bit more relaxed than in Paris. We had 4 session slots of 75 minutes with great sessions and more time in between the sessions to have a chat with sponsors, trying out the HoloLens and playing some games. The HoloLens is a very cool device and I tried it here for the first time.
In Office 365 we have the option to give some of our users an administrative role, but what role(s) can we give them?
This post will be an overview of the available roles within the portal and PowerShell.
What roles do we have in the portal? Within the portal we have the following roles available
Global administrator Billing administrator Exchange administrator Password administrator Skype for Business administrator Service administrator SharePoint administrator User management administrator Microsoft did a great job outlining what each of these roles can do.
Some time back we updated Azure AD Connect at a customer to the latest version. The update itself was an easy one, just next, next finish like they described on the Azure site. But what we found is that the sync engine itself was completely different. The previous version had a Windows timer job as it schedule and ran every 3 hour. You also where able to run that command (DirSyncClientCmd) with a parameter (initial or delta) to run a new or delta sync.
From the beginning of SharePoint Online we have the option to share a site or document with an external user. When you use this feature the recipient need to have a Microsoft Account to login your SharePoint environment. Because this can be very confusion for the user, Microsoft is working on a Business 2 Business connection within Azure AD. With this connection you can share that same site or document with a user from another Azure AD tenant.