Azure AD Identity Protection dashboard

Azure AD Privileged Identity Management full Ins and Outs

Identities are key, especially in an online or hybrid world. We create more and more valuable and secure cloud resources, yet we find ourselves with only one method to access them altogether: our user accounts. The more we build, the better we need to protect our user accounts. Now before I get into a discussion about security and user accounts in general, let’s set our scope of this blog. Today I would like to talk about Microsoft’s new security principal when it comes to our most beloved accounts: our administrative accounts, or better even: the way Microsoft changes our perception about security. As you know I’m a very visual person and I like to use example scenarios, so let’s set our example for today which is a real world example of any cloud consultant out there: imagine a cloud consultant persona that performs implementations, performs deep technical troubleshooting and provides consultancy Read More

AD DS: Split-brain DNS, Conditional Forwarders and Pinpoint records

With the coming of the cloud age and hosted infrastructure (Infrastructure as a Service) in Azure, infrastructure has instantly become more complex than ever. Organizations explore their options to extend their services to Microsoft Azure and Office 365. The fine line between internal and external service exposure has thinned even further. Employees often can’t even tell whether services are hosted internally or externally. Since July 2012, internal service names cannot be part of certificate subjects anymore, forcing customers to use split-brain DNS. Which leads us to our first question: What exactly is split-brain DNS and why do I need it? Let’s start with DNS in general. DNS is considered to be either ‘internal’ or ‘external’ to any organization. Internal DNS is usually Active Directory integrated, or represented by a network appliance. Nearly all resources for a client within the organization are domain-joined, hence considered ‘internal’. If you host certain services that Read More

UC UK Day 2016 now to feature Azure track!

I’m glad to announce that inovativ will attend this year’s UC UK day on October 24th in Birmingham, United Kingdom. This one-day event (plus optional pre-conference day) is an absolute gem for all Exchange and Skype for Business technology specialists. This year however will feature a whole new Azure track! Hear their own pitch and consider signing up: The world has changed. Microsoft Unified Communications is at the heart of millions of Office 365 implementations and provides a voice to millions of employees, bringing the world together and allowing people to work together seamlessly anywhere. Planning, implementing and managing UC infrastructure needs the right skills and knowledge to get right, and the best way to learn is in-person from MVPs and world-renowned experts. UC Day brings you the content and spirit of global conferences like MEC and Lync Conference, Azurecon, and updated sessions from Ignite to the United Kingdom at an easily accessible, award Read More

Reprovision all databases in Exchange 2013 for disaster recovery scenarios

Recently I had to perform disaster recovery on an Exchange environment. It required me to remove all DB’s (it’s in a pre-migration phase so no worries here) and create new databases. After removing all additional databases, the first database couldn’t be removed, due to still existing mailboxes hosted in the first mailbox database. ECP didn’t show these mailboxes, but PowerShell did. It turned out to be the Exchange Arbitration mailboxes and the Exchange Discovery Search Mailbox. So first I had created a new set of target databases called “MailDB0#”, # being 1 – 3. To move the arbitration mailbox (which are actually quite a few hidden mailboxes), you have to do the following:
    Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase MailDB01
This will move all arbitration mailboxes to MailDB. Next, you’ll have to move the Exchange Discovery Search mailbox. Find and move it with the following command:
    Get-Mailbox "*discovery*" | New-MoveRequest -TargetDatabase MailDB01
This Read More

Windows 10 build 14366 and the Office Online Extension for Edge

Today, June 15th 2016, Microsoft released the 14366 build. When looking at the ‘What’s new’ for this build, you see there’s only one new feature: Wait a minute, ‘Office Online extension’? Not much descriptive text to go by, but it could be interesting, so let’s have a look! First things first, we need to get this extension – apparently – installed, so click the hyperlink on the What’s new web page, this opens the Windows 10 Store and there you can install it: Yep, that seems about right! If you look at the full app description, you’ll see the following: Well.. ok.. if you have an Office 365 subscription you’ll know you have access to the Online editions of most ProPlus equivalents, such as Word, Excel and PowerPoint. So where exactly does this Office Online extension position itself in relation to these apps? Does it integrate? Or replace? “Click Read More

Data presentation in Azure Active Directory

If you have a very richly filled local Active Directory, you might want to use portions of that data in your Microsoft tenant services, such as SharePoint. This data needs to be synced to Azure AD, obviously. However, looking at the data in various parts of the sync process, a number of variables are involved you may or may not be aware of. Let’s look at them one by one: Local Active Directory AD attribute schema; the AD attribute schema plays, and has played a very important role in Active Directory throughout the years. Every AD DS edition (OS-based) has a specific schema version that holds and presents data in certain ways. While most critical fields in AD remain unchanged throughout schema updates, there are definite changes that need to be converted (through an AD schema update process) in order to retain or convert data in order to preserve access. Microsoft may Read More

Office 365 Service Certificate Overview

When working on an Office 365 project, a question I often get is: ‘What certificates do I need to successfully…’:
… ensure secured authentication between Office 365 and my on-premises users (identity federation)?
… establish an Exchange hybrid configuration?
… implement Skype for Business?
etc.
So let’s provide a clear overview of certificate requirements for all Office 365 related scenarios in this article. Please note: these certificates are complementary to all already in-place certificates required for on-premises deployments.

Hybrid Identity
Certificate: Security Token Signing
CA: Third party
Used for: Proof of identity of authentication authority
Type: SSL
Usage: Domain validation
Private key exportable: Yes
Subject: federation service name
Subject example: sts.office365man.com
Additional: Must be FQDN, dotless short name subjects aren’t accepted by AD FS
In an AD multi-forest environment, the only subject you need is for federation service name in the domain hosting the AD FS farm.

Exchange Hybrid
Certificate: Hybrid certificate (max. 1 hybrid connection Read More

MS Cloud Roadshow The Hague 2016 recap

Those who followed my Twitter feed (@ErkelensJeroen) will know that the Microsoft Cloud Roadshow touched down in The Hague, Netherlands last Thursday and Friday. This Azure and Office centric event was attended by a big crowd and showcased a lot of sessions. These were two packed days with a lot of entry-level sessions, but a lot of updates that were interesting for ITPros as well. I picked out those learning points that seemed most interesting based on my area of work and I’m happy to share them with you. PowerBI I thought this was one of the big success factors of the roadshow for me. PowerBI made a huge leap forward. In my tweet below you can see the dashboard builder. Just select an entry from the right pane, drag it to any location and configure its parameters and create a dashboard as shown in the tweet below: From Read More

Exchange Server Deployment Assistant

If you’re new to Exchange, or want to get a better insight into Exchange server you can find a wealth of knowledge on Microsoft’s TechNet and a wide variety of specialist blogs. However, this may be a bit overwhelming and requires you to find out what to do in whatever way suits you and your environment. Microsoft has a tool that allows you to visualise your migration path and get a better understanding of what to do and how/when to do it. This tool is called the ‘Exchange Server Deployment Assistant’ and it will allow you to:
Get a distinct procedural overview of how to reach your goals
Plan an Exchange hybrid implementation
Create an Exchange Online migration path
Plan new deployments
Determine on-premises migration paths
etc.
You can use the tool by navigating to: https://technet.microsoft.com/en-us/exdeploy2013 Upon launch it will show the following options: The first part of the wizard consists of Read More

Exchange 2016 Online Courses

Want to get up to speed with Exchange 2016? You can now follow a number of Exchange 2016 online courses. There are four courses (the first is free, the others cost $49 each):
Microsoft Exchange Server 2016 Infrastructure; Learn how to plan, configure, and manage Active Directory infrastructure requirements for Microsoft Exchange Server 2016
Microsoft Exchange Server 2016 Client Access Services; Find out how to plan and implement mobile messaging, Outlook, and secure Internet access to improve client access services.
Microsoft Exchange Server 2016 Mailbox Databases; Get the details on planning and configuring mailbox databases, including backup, recovery, and restoration.
Microsoft Exchange Server 2016 Transport Services; Explore planning and configuring message transport services, including anti-virus, malware-filtering, and spam-filtering solutions.
The courses are offered through EDX.ORG, which requires you to create a free account at their site, after which you can start right away. More information in the original Microsoft blog article.