Moving an Office 365 DirSync/ADFS domain from one Azure AD tenant to another

When helping our clients with Office 365 deployments, we sometimes find that DirSync has been associated with a trial tenant that is about to expire and/or was originally created with a provisional name, or similar. In any case, a public DNS name can only be verified once in Office 365, which associates that namespace with the Office 365 and Azure AD tenancies. So if we want to move DirSync (which is also a prerequisite for ADFS) to a new tenancy, then we need to back it out from the first tenant and re-associate it with the second. Unfortunately, that process isn’t exceptionally quick, but there are some manual steps that you can carry out in order to accelerate the change. As we do this more often, our list of things to check is growing, so this list may change, but this is where we’re at today. Please feel free to comment if you feel we’re overlooking anything.

Continue reading “Moving an Office 365 DirSync/ADFS domain from one Azure AD tenant to another”

Significant Identity and Access Management Improvements in Windows Server 2012 R2

Last week, Microsoft released Windows Server 2012 R2 Preview. Some information about new features like the Web Application Proxy role began to emerge from recent industry events, but there isn’t an awful lot to absorb at the moment. Having played around with the preview for a few days, I’m pleased to report that the new features look good. While there are always niggles and unsupported scenarios, the features themselves are bringing Microsoft’s Identity and Access Management (IAM) offerings nearer to parity with the industry leaders. These changes should be of particular interest for SharePoint on-premises and Office 365 customers, as a number of scenarios that were on the bleeding edge of ADFS/UAG capabilities have been brought into the fold with some important enhancements to ADFS, which isn’t just for federation anymore.

In short, we get a new Claims-Aware Reverse Proxy, Device Claims in and outside of the network, Multiple-Factor Authentication and other enhancements for making access control decisions on more than just a username and password. I’ve discussed all of these topics routinely over the last couple of years in SharePoint on-premises and Office 365 contexts, but the current provisions in ADFS and UAG are not as elegant as what we find in the preview, so I’m keenly exploring the new functionality and will try to keep the content flowing. In this post I will focus on the features themselves, as there’s a lot of new stuff and the implementation of this functionality will only be clear with a bit more information than what you’ll find online today. I’m kind of rushing this out after limited use because I know there’s a big appetite for knowledge about the Microsoft Reverse Proxy roadmap, so apologies for the incompleteness in advance.

Continue reading “Significant Identity and Access Management Improvements in Windows Server 2012 R2”

Editing the Host Name field for wildcard SSL certificate bindings in IIS 7

Not only is this the thing that I always forget, it’s the thing that I’ve just learned I didn’t really understand. My colleague Ben just absolutely pwned me about an SSL certificate’s “Friendly Name” field and how it’s used when editing SSL binding in IIS. I was certain that Friendly Name couldn’t possibly be related to getting an editable host name field when you bind multiple Web Applications on the same IP address (assuming you have a wildcard certificate to handle this multiplicity). How it works with SAN certificates I don’t really know, but that’s a topic for another post. At any rate, in this case, I was bashing my head because I couldn’t get an editable Host Name field for my newly-extended Web Application:

Continue reading “Editing the Host Name field for wildcard SSL certificate bindings in IIS 7”

How to enable Lync audio within a Remote Desktop session

I’ve been working from home a bit more lately, and with that, I’ve been fine-tuning how I work. For instance, I’ve been using the “Use all my monitors” setting in order to stretch my remote desktop session across two screens. In Windows 8 this is a big improvement, as your monitors can be different resolutions and it supports that just as if you were at your desk.

Continue reading “How to enable Lync audio within a Remote Desktop session”