Note-to-self: New deployment guides for AAD authentication

I was quite busy in the last weeks and months migrating a lot of customers from ADFS to mostly Password Hash Sync (PHS) combined with Seamless SSO for Azure AD authentication.

While documenting all those projects on my own, I recently found pre-written deployment guides for authentication from the Deployment Plan Team at Microsoft.

The new deployment guides cover the following scenarios:


Azure AD: New roles and administrator blade

Finally, two or three weeks ago (I think) Microsoft implemented a new Azure AD blade that most admins have awaited for a long time. It is the “Roles and Administrators” overview, with additional information on which permissions each of those roles grants.

You no longer need PowerShell to get a list of all your Azure AD admins and the roles they hold. Privileged Identity Management has had that listing for a long time, but it requires an Azure AD P2 license. The new feature is available to all customers, including Azure AD Free.

Go to the Azure AD blade and you will find the new experience called “Roles and Administrators”.
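For tenants where you still want the list as data rather than a portal view (or for a scripted snapshot you can diff later), here is the PowerShell equivalent of the new blade. This is an added example, not code from the original post; it assumes the AzureAD module is installed and that the signed-in account holds a role that may read directory role membership.

```powershell
# Added example (not from the original post): list every activated Azure AD
# directory role together with its members using the AzureAD module.
# Assumptions: AzureAD module installed, account may read role membership.
Connect-AzureAD

# Get-AzureADDirectoryRole only returns roles that have been activated in the
# tenant at least once, which is exactly the set that can currently have members.
$report = foreach ($role in Get-AzureADDirectoryRole) {
    foreach ($member in Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId) {
        [pscustomobject]@{
            Role       = $role.DisplayName
            Member     = $member.DisplayName
            UPN        = $member.UserPrincipalName   # empty for groups and service principals
            ObjectType = $member.ObjectType          # User, Group or ServicePrincipal
            UserType   = $member.UserType            # "Guest" flags external accounts holding admin roles
        }
    }
}

$report | Sort-Object Role, Member | Format-Table -AutoSize

# Keep a CSV snapshot so that role membership changes can be compared over time.
$report | Export-Csv -Path .\aad-role-members.csv -NoTypeInformation
```

The UserType column is worth a second look in every tenant: a guest account with an admin role is usually a leftover from a migration or a partner engagement and should be reviewed.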


Azure AD B2B: How to bulk add guest users without invitation redemption.

Update: This no longer works as described; see my updated blog post on B2B redemption.

I think most of you are familiar with the concept of Azure AD Business-to-Business (B2B), where you can add users of other companies to your Azure AD tenant. This feature does not require the partner organization to already own or manage its own tenant; you can simply invite any user with an email address.

If the invited user already exists in an Azure AD tenant, a guest user is created in your tenant that is linked to the user object in the foreign tenant.

If the invited user does not exist in any Azure AD tenant, a shadow/unmanaged tenant is created behind the scenes for that user; additional users from the same domain are then created within this unmanaged tenant.

However, when you add a foreign user to your tenant, an invitation mail is sent to that user and the user has to redeem the invitation. By default, users are created as guest users, which have only restricted permissions in your tenant (by default not even full read access to the directory). Nevertheless, you can assign permissions such as application permissions, Azure AD roles or RBAC roles to such users.
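To make the invitation flow described above concrete, here is an added example (not code from the original post, and not the redemption bypass this post originally described) that bulk-invites guests from a CSV with the AzureAD module. It assumes a constructed input file named guests.csv with the columns Email and DisplayName, an installed AzureAD module, and an account holding the Guest Inviter or User Administrator role. Suppressing the invitation mail only stops the e-mail; the invitation still has to be redeemed, which is why the redeem URL is captured so you can hand it out through your own channel.

```powershell
# Added example (not from the original post): bulk-invite external users as
# guests from a CSV. Assumptions: AzureAD module installed, guests.csv with
# columns Email and DisplayName (constructed input), inviter permissions.
Connect-AzureAD

$guests  = Import-Csv -Path .\guests.csv
$results = foreach ($g in $guests) {
    try {
        $inv = New-AzureADMSInvitation -InvitedUserEmailAddress $g.Email `
            -InvitedUserDisplayName $g.DisplayName `
            -InviteRedirectUrl 'https://myapps.microsoft.com' `
            -SendInvitationMessage $false   # no mail, but redemption is still required
        [pscustomobject]@{
            Email     = $g.Email
            Status    = $inv.Status          # "PendingAcceptance" until the user redeems
            ObjectId  = $inv.InvitedUser.Id  # the guest object already exists in your tenant
            RedeemUrl = $inv.InviteRedeemUrl # distribute this yourself when the mail is suppressed
        }
    } catch {
        [pscustomobject]@{
            Email     = $g.Email
            Status    = "Failed: $($_.Exception.Message)"
            ObjectId  = $null
            RedeemUrl = $null
        }
    }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path .\guest-invitations.csv -NoTypeInformation
```

Because the guest object is created at invitation time, you can already assign application access, Azure AD roles or RBAC roles to $inv.InvitedUser.Id before the user redeems; those assignments become effective the moment the redemption completes, so only pre-assign what the guest really needs.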
