
Introduction to device management in Azure Active Directory:

As a rule of thumb, you should use:

  • Azure AD registered devices:
    • For personal devices
    • To manually register devices with Azure AD
  • Azure AD joined devices:
    • For devices that are owned by your organization
    • For devices that are not joined to an on-premises AD
    • To manually register devices with Azure AD
    • To change the local state of a device
  • Hybrid Azure AD joined devices:
    • For devices that are owned by your organization
    • For devices that are joined to an on-premises AD
    • To automatically register devices with Azure AD
    • To change the local state of a device

How to set up:


Azure AD registered devices:


Hybrid Azure AD joined devices:


To configure Hybrid Azure AD joined devices, kindly visit the link:


Azure AD joined devices:


Azure AD Join vs Azure AD Device Registration:


Manage devices:


Device management tasks:


Configure On-Premises Conditional Access using registered devices:




French-English glossary of climbing terms:


Climbing knots:


Friction hitches (self-locking knots):


Belay anchors:

Belay anchor with a Reverso:

Rappels:

Top-of-route maneuver:


Joining two ropes under tension:

Hauling systems:


The ProxyAddress attribute is used by different applications and can store different types of user addresses (sip, smtp, x500).

If you sync accounts with a non-verified domain to O365, those addresses can be replaced with the default domain.
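
One way to check for this before syncing, as an added example that is not from the original post: the function below flags proxy addresses whose domain is not in a list of verified domains. The function name `Get-UnverifiedProxyAddress`, the verified-domain list and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example: pre-sync audit of proxy address values.
# Function name, domain list and sample accounts are constructed, not from the post.
function Get-UnverifiedProxyAddress {
    param(
        [Parameter(Mandatory)] [string]   $Account,
        [Parameter(Mandatory)] [string[]] $ProxyAddresses,
        [Parameter(Mandatory)] [string[]] $VerifiedDomains
    )
    foreach ($entry in $ProxyAddresses) {
        # Values look like "<type>:<address>", e.g. SMTP:user@example.com
        $type, $address = $entry -split ':', 2
        # x500 values hold a distinguished name, not a domain-based address
        if ($type -ieq 'x500') { continue }
        # Skip malformed values that have no type prefix or no domain part
        if (-not $address -or $address -notmatch '@') { continue }
        $domain = ($address -split '@')[-1]
        # -notcontains compares case-insensitively, which suits DNS names
        if ($VerifiedDomains -notcontains $domain) {
            [pscustomobject]@{
                Account   = $Account
                Type      = $type.ToLower()
                Address   = $address
                Domain    = $domain
                # An upper-case SMTP: prefix marks the primary address
                IsPrimary = ($type -ceq 'SMTP')
            }
        }
    }
}

# Constructed sample data: only example.com is treated as verified.
$verified = @('example.com')
$users = @(
    @{ Account = 'alice'; ProxyAddresses = @('SMTP:alice@example.com',
                                             'smtp:alice@corp.example.local',
                                             'sip:alice@example.com') },
    @{ Account = 'bob';   ProxyAddresses = @('SMTP:bob@corp.example.local',
                                             'x500:/o=Org/ou=Site/cn=Recipients/cn=bob') }
)

# Lists alice's secondary address and bob's primary address as at risk.
# Against a real directory the input could come from the ActiveDirectory module:
#   Get-ADUser -Filter * -Properties proxyAddresses
$users | ForEach-Object {
    Get-UnverifiedProxyAddress -Account $_.Account `
        -ProxyAddresses $_.ProxyAddresses -VerifiedDomains $verified
} | Format-Table -AutoSize
```
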

Some interesting reading regarding this topic:

ADConnect not Syncing ProxyAccount for email Alias from on Premise AD to Azure AD

List of attributes that are synced by the Azure Active Directory Sync Tool

A mail user who has proxy addresses that use non-verified domains isn’t synced in an Exchange hybrid deployment

Wrong domain address when synchronizing from on premise AD

Azure AD Connect sync: Attributes synchronized to Azure Active Directory

# Dry run: show what would happen without shutting anything down

Stop-Computer -WhatIf

# Stop the local computer

Stop-Computer

# Dry run on multiple systems

Stop-Computer -ComputerName 'computer1','computer2','computer3' -WhatIf

# Stop multiple systems

Stop-Computer -ComputerName 'computer1','computer2','computer3'

To create a registry value remotely:


PS D:\> Enter-PSSession -ComputerName server.mydomain.local
[server.mydomain.local]: PS C:\Users\admin\documents> Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\NTDS\Parameters -Name "Maximum Audit Queue Size" -Value 0x61a8
[server.mydomain.local]: PS C:\Users\admin\Documents> Exit-PSSession


Two support articles to understand what a DCV is:

The Comodo DCV process is explained here:

Another article:

Disabling SSL/TLS Protocols and Cipher Suites for ADFS:

Note: don't forget to reboot the WAP and ADFS servers for the changes to take effect.

To test SSL/TLS and much more you can use the free online tool from Qualys:



Mono-tenant versus multi-tenant:

There are drawbacks to using multi-tenant, such as:

  • A domain namespace cannot be shared across multiple tenants; each tenant must have its own namespace, so UPN, SMTP and SIP namespaces cannot be shared
  • An Exchange organisation and Azure AD Connect cannot be split across multiple tenants
  • Accounts cannot be shared and cannot be duplicated between the tenants
  • License management and subscriptions are managed separately

How to register IP+hostname on DNS with AD-domain joined Linux with SSSD: