#Office 365 · ADFS · Azure AD · MFA · PowerShell

MFA on ADFS and authentication from clients

I often get questions with regard to multi-factor authentication (MFA) in connection with accessing cloud services (e.g. Office 365, Azure AD) and how the authentication takes place from an end-user perspective. End users will have a different experience depending on where MFA is enforced during the whole authentication and authorization process. This blog is focusing on… Continue reading MFA on ADFS and authentication from clients

#AADConnect · #Office 365 · Azure AD

Change UPN between federated domains in Office 365

I would like to share the correct steps that need to be followed when changing the UPN of the on-premise user in Active Directory when synchronizing to Azure AD. There has been a very old outstanding issue with Office 365 where you cannot change a user’s userPrincipalName (UPN) from one federated domain to another federated… Continue reading Change UPN between federated domains in Office 365

#Office 365 · ADFS · WAP Server

WAP Servers & ADFS Connectivity over TLS

Introduction: I have been rolling out Web Application Proxy servers to expose the ADFS farm at a customer project. I have been facing issues with the Proxy Trust relationship between Web Application Proxy and AD FS 2016. Though the trust between ADFS and WAP servers seems to be established while the setup wizard kicks in… Continue reading WAP Servers & ADFS Connectivity over TLS

#Office 365 · Azure AD

Office 365 – Usage Location, Preferred Language and Group based licencing

During a recent Office 365 project, I have been looking at the various attributes of an on-premise synchronized user object to populate Usage Location, Preferred Language for Office 365 services. Let us look at what this attribute is and its purpose for Office 365 and Azure AD. Usage Location – Why is it important? This property is… Continue reading Office 365 – Usage Location, Preferred Language and Group based licencing

Azure

Limitation of Azure B2B guest account on customers Azure subscriptions.

#Unable to set Azure Directory Admin on Azure SQL server. What is Azure B2B collaboration? Azure AD business-to-business (B2B) collaboration allows any organization using Azure AD to work safely and securely with users from other organizations instead of creating their accounts and managing passwords locally as we have been rationally doing. I recommend reading https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b… Continue reading Limitation of Azure B2B guest account on customers Azure subscriptions.

#Office 365 · PowerShell · SharePoint Online

PowerShell: How to assign selective Office 365 license options

Assign Enterprise License to user. Assigning Office 365 licenses using the PowerShell command “Set-MsolUserLicense” is usually straightforward. You just need to find the AccountSku using the PowerShell command “Get-MsolAccountSku” and assign the licenses accordingly. For example, if you need to assign an E3 license which includes all services like SharePoint Online, Exchange Online etc., then… Continue reading PowerShell: How to assign selective Office 365 license options

Exchange Hybrid & Office 365 · Exchange Server 2016

Provisioning & licensing a user for Exchange online in a Hybrid Environment

This article explains the best practices and flow of creating user mailboxes and licensing them in a Hybrid Exchange environment with AADConnect and Office 365. The Office 365 portal lets you assign the Exchange license directly in the Office 365 portal itself for a synchronised on-prem AD user; however, in this way, you cannot manage the Exchange Properties… Continue reading Provisioning & licensing a user for Exchange online in a Hybrid Environment

Exchange Server 2016

Exchange 2016 is using out of site Domain controller to query recipients. Event ID 2112

Issue Background: One of my customers has a very distributed Active Directory topology with AD sites configured. There are two Exchange 2016 servers installed in one of the AD sites. We had experienced a very long time (almost more than 30 minutes) to get changes reflected in Exchange Admin Console even though the change was made… Continue reading Exchange 2016 is using out of site Domain controller to query recipients. Event ID 2112

SharePoint 2013

SharePoint 2013, BI reports & Kerberos Constrained Delegation

Issue: Users are not able to refresh the Excel file using the external data source (SQL) while accessing it from Excel Services. They get the error below while refreshing the data. Workaround: If the Excel file is opened in MS Excel, then users are able to refresh the data without any issues. So the issue… Continue reading SharePoint 2013, BI reports & Kerberos Constrained Delegation

Exchange Hybrid & Office 365

Exchange Remote Mailbox & Office 365 License

Remote Mailboxes are a way to create Exchange mailboxes directly in Exchange Online without having to create them first on-premise. The mailbox attributes are synchronized (AADConnect) to Exchange Online rather than having to do a remote mailbox move from Exchange on-premise. Enable-RemoteMailbox – if the user account already exists in Active Directory. New-RemoteMailbox – if you want… Continue reading Exchange Remote Mailbox & Office 365 License