AAD: Changes to the Azure AD IP address ranges

There is an “important” update to the July 2018 release notes of Azure AD that I posted 2 weeks ago.

2 new address ranges will be available shortly, and you may need to update your firewall settings if you have previously configured specific ranges to connect to Azure AD.

So here is the complete update:

Changes to Azure Active Directory IP address ranges

Type: Plan for change
Service category: Other
Product capability: Platform

We’re introducing larger IP ranges to Azure AD, which means if you’ve configured Azure AD IP address ranges for your firewalls, routers, or Network Security Groups, you’ll need to update them. We’re making this update so you won’t have to change your firewall, router, or Network Security Groups IP range configurations again when Azure AD adds new endpoints.

Network traffic is moving to these new ranges over the next two months. To continue with uninterrupted service, you must add these updated values to your IP Addresses before September 10, 2018:


We strongly recommend not removing the old IP Address ranges until all of your network traffic has moved to the new ranges. For updates about the move and to learn when you can remove the old ranges, see Office 365 URLs and IP address ranges.


Exploring the new converged Azure SSPR and MFA registration experience

As you can see in my previous post on what is new in Azure AD for July 2018, there is an opt-in public preview of a new converged security info management (registration and management) experience available for Azure AD SSPR (Self Service Password Reset) and MFA (Multi Factor Authentication).

Currently you have to manage each security info in a separate portal; these are now combined into one experience.

You can opt in only a subset of your users (like a pilot group) by using an Azure AD group and activating the new feature only for that group, or you can enable it for all users at once.

Once you activate the new experience the old one is no longer available until you disable the user for the public preview.


Once you enable this experience, users who register or confirm their phone number or mobile app through the new experience will have the ability to use them for MFA and SSPR, if those methods are enabled in the MFA and SSPR policies. If you then disable this experience, users who navigate to the previous SSPR registration page at aka.ms/ssprsetup will be required to perform MFA before they can access the page. 


Azure AD: Updated and new features of July 2018

Again, July 2018 brought some changes and new features to Azure AD.
Here is a list of what is new or what has changed or was enhanced in detail:

New features:

Azure AD Activity Logs are now available through Azure Monitor

Service category: Reporting
Product capability: Monitoring & Reporting

The Azure AD Activity Logs are now available in public preview for the Azure Monitor (Azure’s platform-wide monitoring service). Azure Monitor offers you long-term retention and seamless integration, in addition to these improvements:

  • Long-term retention by routing your log files to your own Azure storage account.
  • Seamless SIEM integration, without requiring you to write or maintain custom scripts.
  • Seamless integration with your own custom solutions, analytics tools, or incident management solutions.

For more information about these new capabilities, see our blog Azure AD activity logs in Azure Monitor diagnostics is now in public preview and our documentation, Azure Active Directory activity logs in Azure Monitor (preview).


Azure AD Connect: New version 1.1.880.0 available

A new version of Azure AD Connect was released on July 20th, 2018.
The new build number is 1.1.880.0.

It is currently available only for auto-upgrade, but the downloadable version will be released very soon.

See Azure AD Connect: Version release history

This release contains many new or improved features as well as some fixes:

Hotfix rollup package is available for MIM 2016 SP1 (Build

A large new hotfix rollup package is available for Microsoft Identity Manager 2016 SP1 (MIM 2016).

It has a lot of fixes and enhancements in it. Build Version is

Hotfix rollup package (build is available for Microsoft Identity Manager 2016 SP1

You can download it from here.


Note-to-self: New deployment guides for AAD authentication

I was quite busy over the last weeks and months migrating a lot of customers from ADFS to mostly Password Hash Sync (PHS) combined with Seamless SSO for Azure AD authentication.

While documenting all those projects on my own, I recently found pre-written deployment guides for authentication from the Deployment Plan Team at Microsoft.

The new deployment guides cover the following scenarios:

Azure AD Connect high (100%) CPU usage after update

Today I updated my demo lab VMs with the latest patches from July 2018.

Some time after the reboot, the machine started to use 100% CPU, resulting in slow responses and becoming nearly unusable.

In Task Manager (which took 30-60 seconds to start) I could see one process consuming all the CPU power:

