AzureAD – Office 365 Tokens Lifetime

Understanding Tokens: How the Modern Authentication Protocol Works

Once Modern Authentication is enabled, a user will authenticate with one of the Office 365 services and will be issued both an Access Token and a Refresh Token. The Access Token is a short-lived token, valid for about 1 hour. The Refresh Token is longer-lived…

Office 365 – Set password expiration policies

Reference article: https://docs.microsoft.com/en-us/office365/admin/add-users/set-password-to-never-expire?view=o365-worldwide

Set a password to expire

Run one of the following commands:

To set the password of one user so that the password expires, run the following cmdlet by using the UPN or the user ID of the user:

    Set-AzureADUser -ObjectId <user ID> -PasswordPolicies None

To set the passwords of all…

Office 365 – How to Connect to using saved encrypted user credentials

By default, when a PowerShell script in an Office 365 environment needs to provide user credentials, we use a PowerShell cmdlet such as Get-Credential. Get-Credential displays a pop-up credentials window in which the user needs to fill in their credentials. The information about the user credentials can be saved in a variable,…

Intune with SCCM with internal PKI certificates

To configure Intune to enroll devices with internal PKI certificates and with SCCM in co-management mode, first read the articles below:

https://docs.microsoft.com/en-us/intune/certificates-configure
https://docs.microsoft.com/en-us/intune/certificates-scep-configure
https://support.microsoft.com/en-us/help/4459540/troubleshoot-ndes-configuration-for-use-with-intune
https://howtomanagedevices.com/intune/258/intune-certificate-deployment-guide/
https://blogs.technet.microsoft.com/tune_in_to_windows_intune/2015/02/25/part-4-protecting-ndes-with-azure-ad-application-proxy/
https://blogs.technet.microsoft.com/tune_in_to_windows_intune/2014/04/25/part-2-scep-certificate-enrolling-using-configmgr-2012-crp-ndes-and-windows-intune/

NDES troubleshooting articles:

https://gsecse.wordpress.com/2015/10/06/ndes-deployment-and-troubleshooting/
https://docs.microsoft.com/en-us/intune/certficates-pfx-configure
https://blogs.technet.microsoft.com/askds/2008/04/28/configuring-network-device-enrollment-service-for-windows-server-2008-with-custom-certificates/
https://blog.hosebei.ch/2016/11/28/configmgr-ndes-certificate-deployment-fails-due-to-network-device-enrollment-service-failure/
https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Configuring-and-Troubleshooting-PFX-PKCS/ba-p/516450
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application

Note: a GitHub script to validate the NDES configuration, Validate-NDESConfiguration.ps1:
https://github.com/microsoftgraph/powershell-intune-samples/tree/master/CertificationAuthority

Azure AD and AD Password protection

Azure AD password protection is now generally available:
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Password-Protection-is-now-generally-available/ba-p/377487

Azure AD password protection – how to eliminate bad passwords:

Architecture (to cover also on-prem AD domain controllers):

Deployment:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy

Eliminate bad passwords in your organization:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad#license-requirements

Azure AD password protection monitoring:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-monitor

Azure AD password protection troubleshooting:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-troubleshoot

Azure AD passwordless login in public preview

Microsoft has recently announced the public preview of Azure Active Directory’s passwordless login. This new capability enables your employees to use external security keys to sign into their Azure Active Directory-Joined Windows 10 machines (running version 1809 or higher) and get single sign-on to their cloud resources. They can also sign into Azure AD-connected apps on supported browsers including the latest versions of Microsoft Edge and Mozilla Firefox.

MS Flow and PowerApps allows multiple environments

Articles about multiple environments in a single tenant:

An environment is a space to store, manage, and share your organization’s business data, apps, and flows. Environments also serve as containers to separate apps that may have different roles, security requirements, or target audiences:

https://flow.microsoft.com/fr-fr/blog/intro-flow-admin-center/
https://docs.microsoft.com/en-us/flow/environments-overview-maker
https://docs.microsoft.com/en-us/power-platform/admin/environments-overview

Licensing:
https://docs.microsoft.com/fr-fr/power-platform/admin/trial-environments

Compare the PowerApps plans:
https://powerapps.microsoft.com/en-us/pricing/#compare-plans
https://docs.microsoft.com/fr-fr/power-platform/admin/pricing-billing-skus#licenses