Azure & Active Directory Center

Office 365 allows for various authentication mechanisms, which includes federated authentication through Active Directory Federation Services. Federated authentication in Office 365 is configured per domain. However, if you register multiple subdomains in your Office 365 tenant, those subdomains will automatically inherit the authentication settings from the parent domain IF you registered the subdomains in the tenant after the parent domain.

In the world of hybrid headaches, directory synchronization is the root of all evil. While there's nothing wrong with using directory synchronization (I'm a big fan), most of the issues and questions I encounter when dealing with hybrid issues are a direct result of not understanding directory synchronization and how the process works.

Welcome to part 3 of "Addressing the Office 365 Monitoring Gaps". In part 1, we discussed the differences in monitoring cloud-based systems vs traditional on-premises deployments. In part 2, we discussed admins least favorite thing, outages.

Introduction

By now, Azure AD Conditional Access should no longer be unfamiliar to anyone in IT. As a refresher, it’s Microsoft’s solution for providing a flexible, condition-based, way of controlling access to (cloud) resources.

When moving to Office 365 you have various options on how to handle authentication to the service. The purpose of this article is not to explain in great detail what those options are, but rather to take a look at what considerations come into play when choosing the right option for your deployment.

In this blog post, Microsoft recently announced support for Hybrid Modern Authentication for Exchange Server 2013/2016 on-premises. What is this Hybrid Modern Authentication, and is it something you should tinker about? As with most questions in IT, the answer is less straightforward and leans towards what most consultants would say: “it depends”.

Consider the following scenario: you are about to implement directory synchronization for Office 365. You have multiple Active Directory sites across several, geographically dispersed, locations all over the world. Unsurprisingly, some of these locations have better connectivity than others and you might not want AAD Connect to connect to Domain Controllers in locations with a slow or high latency connection at the risk of slowing down the entire process.

Welcome to the fifth part of this article series about Azure AD Connect. In the previous article, we've taken a look at some of the optional features you can enable for directory synchronization. In this article, we'll cover a few more features -- more specifically the User and Group write-back capabilities.

Welcome to the fourth part of this article series about Azure AD Connect. In the previous article, I discussed permissions for a custom installation, and we dived a little deeper into the upgrade capabilities. Before jumping into the 'advanced' customization options such the filtering abilities, I wanted to take a look at some of the additional (preview) features that Azure AD Connect offers to date.

Welcome to the third part of this article series about Azure AD Connect. In the previous article, I discussed the various custom installation options and the implications of using a separate SQL database.

Following that article, I received a few interesting questions that warranted some follow-up. More specifically, I had a few people call out that documentation regarding the required permissions for Azure AD Connect is scarce.