
Introduction to device management in Azure Active Directory:

https://docs.microsoft.com/fr-fr/azure/active-directory/devices/overview

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#getting-devices-under-the-control-of-azure-ad

As a rule of thumb, you should use:

  • Azure AD registered devices:
    • For personal devices
    • To manually register devices with Azure AD
  • Azure AD joined devices:
    • For devices that are owned by your organization
    • For devices that are not joined to an on-premises AD
    • To manually register devices with Azure AD
    • To change the local state of a device
  • Hybrid Azure AD joined devices for devices that are joined to an on-premises AD
    • For devices that are owned by your organization
    • For devices that are joined to an on-premises AD
    • To automatically register devices with Azure AD
    • To change the local state of a device

How to set up: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan


Azure AD registered devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#azure-ad-registered-devices

 

Hybrid Azure AD joined devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#hybrid-azure-ad-joined-devices

 

To configure Hybrid Azure AD joined devices, kindly visit the link:

https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual-steps

 

Azure AD joined devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#azure-ad-joined-devices

 

Azure AD Join vs Azure AD Device Registration:

https://blogs.technet.microsoft.com/trejo/2016/04/09/azure-ad-join-vs-azure-ad-device-registration/

 

Manage devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal#manage-devices

 

Device management tasks:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal#device-management-tasks

 

Configure On-Premises Conditional Access using registered devices:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises

 

 


French-English glossary of climbing terms:

https://www.camptocamp.org/articles/337564/fr/lexique-anglais-francais-des-termes-d-escalade

 

Climbing knots:

https://www.ffme.fr/fiches-ffme/page/techniques-noeuds.html

https://www.lesnoeuds.com/noeuds_escalade.html

https://www.petzl.com/FR/fr/Sport/N%C5%93uds

 

Friction hitches (self-locking knots):

 

Belay anchors:

https://escalroc.wordpress.com/technique-2/

Belay anchor with a Reverso:

Rappelling:

Top-of-route manoeuvre:

 

Joining two ropes under tension:

Hauling systems:

Sites:

http://www.pointsdechute.com

http://www.petzl.com

http://www.millet.fr

The proxyAddresses attribute is used by different applications and can store different types of user addresses (sip, smtp, x500).

If you sync accounts with a non-verified domain to O365, those addresses can be replaced with the default onmicrosoft.com domain.
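To find the accounts affected before a sync, the proxyAddresses values can be checked against the tenant's verified domains. The following is an added example, not part of the original post: the function name `Get-UnverifiedProxyAddress`, the sample users and the `.example` domains are constructed for illustration.

```powershell
# Added example: list smtp/sip proxyAddresses whose domain is not verified in the tenant.
# Function name, sample users and domains are constructed, not taken from the post.
function Get-UnverifiedProxyAddress {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [Parameter(Mandatory)] [string[]] $VerifiedDomain
    )
    foreach ($u in $User) {
        foreach ($entry in $u.proxyAddresses) {
            # Each value is "<type>:<address>"; an uppercase SMTP prefix marks the primary address.
            $type, $address = $entry -split ':', 2
            if ($type -notin 'smtp', 'sip') { continue }   # x500 and others carry no DNS domain
            $domain = ($address -split '@')[-1].ToLowerInvariant()
            if ($domain -notin $VerifiedDomain) {
                [pscustomobject]@{
                    User      = $u.SamAccountName
                    Type      = $type
                    IsPrimary = ($type -ceq 'SMTP')
                    Address   = $address
                    Domain    = $domain
                }
            }
        }
    }
}

# Constructed sample input, shaped like Get-ADUser output.
$sampleUsers = @(
    [pscustomobject]@{
        SamAccountName = 'alice'
        proxyAddresses = @('SMTP:alice@contoso.example', 'smtp:alice@legacy.example',
                           'x500:/o=Org/ou=Site/cn=Recipients/cn=alice')
    }
    [pscustomobject]@{
        SamAccountName = 'bob'
        proxyAddresses = @('SMTP:bob@corp.local', 'sip:bob@contoso.example')
    }
)

Get-UnverifiedProxyAddress -User $sampleUsers -VerifiedDomain 'contoso.example' |
    Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# $users = Get-ADUser -Filter 'proxyAddresses -like "*"' -Properties proxyAddresses
# Get-UnverifiedProxyAddress -User $users -VerifiedDomain 'contoso.example'
```

A row with `IsPrimary` set to True deserves attention first, since that is the address users send from.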

Some interesting reading regarding this topic:

ADConnect not Syncing ProxyAccount for email Alias from on Premise AD to Azure AD

https://social.msdn.microsoft.com/Forums/azure/en-US/3226e41c-1db1-4299-9f24-0179e05fac09/adconnect-not-syncing-proxyaccount-for-email-alias-from-on-premise-ad-to-azure-ad-i-am-using?forum=WindowsAzureAD

List of attributes that are synced by the Azure Active Directory Sync Tool

https://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx

A mail user who has proxy addresses that use non-verified domains isn’t synced in an Exchange hybrid deployment

https://support.microsoft.com/en-us/help/3124148/a-mail-user-who-has-proxy-addresses-that-use-non-verified-domains-isn

Wrong domain address when synchronizing from on premise AD

https://social.msdn.microsoft.com/Forums/azure/en-US/7ddc1885-850d-487f-bf40-a91f1f5d15c8/wrong-domain-address-when-synchronizing-from-on-premise-ad?forum=WindowsAzureAD

Azure AD Connect sync: Attributes synchronized to Azure Active Directory

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized

# Try without doing anything bad

Stop-Computer -WhatIf

# Stop the local computer

Stop-Computer

# Try without doing anything bad on multiple systems

Stop-Computer -ComputerName 'computer1','computer2','computer3' -WhatIf

# Stop multiple systems

Stop-Computer -ComputerName 'computer1','computer2','computer3'

To create a registry value remotely:

Example:

PS D:\> enter-pssession -computername server.mydomain.local
[server.mydomain.local]: PS C:\Users\admin\documents> set-itemproperty -path HKLM:\System\CurrentControlSet\Services\NTDS\Parameters -Name "Maximum Audit Queue Size" -value 0x61a8
[server.mydomain.local]: PS C:\Users\admin\Documents> exit-pssession

Links:

https://www.computerperformance.co.uk/powershell/registry/

https://blogs.technet.microsoft.com/heyscriptingguy/2012/05/10/use-powershell-to-create-new-registry-keys-on-remote-systems/

Two support articles that explain what DCV (domain control validation) is:

The Comodo DCV process is explained here: https://help.comodo.com/topic-437-1-843-10844-.html

Another article:

https://www.namecheap.com/support/knowledgebase/article.aspx/9637/68/how-can-i-complete-the-domain-control-validation-dcv-for-my-ssl-certificate

Disabling SSL/TLS Protocols and Cipher Suites for ADFS:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://jorgequestforknowledge.wordpress.com/2017/03/01/hardening-disabling-weak-ciphers-hashes-and-protocols-on-adfs-wap-aad-connect/

Note: don't forget to reboot the WAP and ADFS servers for the changes to take effect.

To test SSL/TLS and much more you can use the free online tool from Qualys:

https://www.ssllabs.com/ssltest/index.html

 

https://support.office.com/en-us/article/Hybrid-Modern-Authentication-overview-and-prerequisites-for-using-it-with-on-premises-Skype-for-Business-and-Exchange-servers-ef753b32-7251-4c9e-b442-1a5aec14e58d

 

 

Mono-tenant versus multi-tenant: https://support.office.com/en-us/article/office-365-inter-tenant-collaboration-eb45fd8b-1d5d-4b0c-9c5a-479dbb176e7d

There are drawbacks to using multiple tenants, such as:

  • A domain namespace cannot be shared across multiple tenants; each tenant must have its own namespace, so UPN, SMTP and SIP namespaces cannot be shared
  • An Exchange organisation and Azure AD Connect cannot be split across multiple tenants
  • Accounts cannot be shared and cannot be duplicated between the tenants
  • License management and subscriptions are handled separately

How to register the IP address and hostname in DNS for an AD domain-joined Linux host with SSSD:

https://access.redhat.com/discussions/1547813

https://serverfault.com/questions/783864/windows-dns-server-register-a-non-dhcp-client-server-into-2008r2/783976#783976

https://www.freeipa.org/images/a/ae/FreeIPA33-sssd-dns-ad.pdf