Category Archives: Azure

ADFS in multi forest environments

Published by:

Dan Patrascu-Baba

Partner Technical Consultant at Microsoft
Azure PaaS and dev consultant, working for Microsoft. Mostly dealing with Microsoft Azure services, ASP.Net Core, AngularJS, Javascript. Helping partners and customers to write good code and to architect their cloud and hybrid solutions.

ADFS in multi forest environments is still a very hot topic based on my day to day experience. Even though I have been concentrating more on cloud application development projects for more than 8 months, I still get a lot of questions from partners, colleagues, customers and IT admins from all around the world regarding this specific scenario. To put this in a bit more perspective, the questions are usually asked in the context of Azure Active Directory, that is, the already well-known federated identity scenario. That is why I decided to blog about it, hoping to complement the scarce existing documentation.

Before we get started I would like to clarify one thing. Even if I reference Azure AD a lot, nothing I describe here is restricted to Azure AD as a relying party. In fact, the last time I worked on such a scenario, the relying party was AWS. So let’s get started.

The basic scenario is the following: a company has two or more Active Directory forests and one Azure AD. Using Azure AD Connect we can synchronize several forests to the same Azure AD. The question arises on the ADFS design. How many ADFS farms would we need? How would this work? Is this supported?

#Build 2017 – some exciting things


I just finished watching the #Build 2017 keynote and I am really excited by all the new things that were announced on this occasion. There were so many cool things that by the end I started to forget those mentioned at the beginning. That’s why I thought of writing a //build 2017 keynote summary, mainly to help me remember all the things I need to keep up with during the next year.

One of the coolest things is the new Azure Cosmos DB offering. Azure Cosmos DB is Microsoft’s globally distributed, multi-model database. With the click of a button, Azure Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure’s geographic regions. It offers throughput, latency, availability, and consistency guarantees with comprehensive service level agreements (SLAs), something no other database service can offer. What this means is that you have a database where you can store documents, tables, graph data and much more in the same place and use really any DB API to access all the data in near real time.

Just to stay in the same database area, the announcement of Azure Database for MySQL was also a nice surprise. Basically, you get a MySQL database as a service, without the need to take care of patching the infrastructure and so on.

Further, Microsoft announced at //build 2017 the new Azure IoT Edge, a technology that’s meant to extend “the intelligence — and other benefits — of cloud computing to edge devices.” It’s a cross-platform runtime that runs on both Windows and Linux, and it will work on devices that are smaller than a Raspberry Pi. This will solve a lot of problems in IoT scenarios with really small devices, since this new feature enables more straightforward communication between Azure and devices.

Next, the announcement of the new Azure Portal App for iOS and Android, together with the built-in, full featured Bash shell in the Azure Portal, was also very intriguing. First, the mobile app is not available on Windows 10 Mobile devices (I know, there are few of them out there, but still….) and second, the first integrated shell is a Bash shell, not PowerShell (PowerShell will come “some time” in the future). On the other hand, this underlines once more the heavy open source approach that Microsoft has been showing in recent years.

The remote debugging of production web apps using Visual Studio 2017 without any downtime was also a great thing to watch.

Let’s go to the AI part. I was already fairly familiar with Microsoft Cognitive Services, but the announcement of the custom vision API was really exciting. This enables developers to easily train their own vision machine learning models, providing the necessary training data. This really starts to look more and more like democratized AI, which should enable developers to build more and more intelligent applications.

The PowerPoint Translator was also a fairly cool demo, but for me it was not necessarily something new, since exactly the same thing was showcased two years ago at the Build conference, back then as a Skype extension called Skype Translator. The two are fairly similar.

A final observation: almost all demos were made from MacOS laptops and iPhones.

Watching the //Build 2017 keynote was a very good time investment. I still dream to attend this conference in person at some time 🙂

Testing Azure AD per app MFA and conditional access based on network location


Azure AD conditional access and per app MFA is globally available starting today, as announced by Alex Simmons. This feature was in preview for some time, but now that it is globally available, it can be used in production environments. Since this is a new feature, I played around with it a little and would like to share some insights.

Azure AD per app MFA and conditional access allows administrators to set MFA requirements on applications that are registered in Azure AD. This enables interesting scenarios, like for example requiring MFA for Exchange Online, but not for SharePoint Online, if a request comes from outside the corporate network. In order for this to work, you would have to activate MFA first and define the IP ranges of your corporate network in CIDR format. You should be able to do this by accessing the following URL: https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx

Enterprise State Roaming – everything’s possible when Azure AD and Windows 10 work together


Starting with Windows 8.1 I noticed that when I change my laptop, most of the settings and favourites are there on the new device. This was a great thing! However, I asked myself whether this would also be possible when changing my company laptop. With Azure AD and Windows 10 this is now possible, using a new feature called Enterprise State Roaming.

Using PowerShell to assign service admin roles in Azure AD


Do you remember the times when you couldn’t assign service admin roles in Office 365? Those times are not long gone; it was not possible to add an Exchange Online Administrator or a SharePoint Administrator. So, in most cases, companies used Global Administrators to manage Exchange, for instance, but the same admins also had access to SharePoint. It’s clear that this was odd.

The reason this was not possible is that users and the corresponding administrative roles are handled in Azure AD. So each Office 365 organization also has an Azure AD, only many don’t know it. And back then, administrative roles weren’t properly integrated across the different services. However, this is possible now and we can also use PowerShell to handle everything.

Azure AD, the door to the future


Last week I was in Munich, attending a Microsoft partner event, and I also delivered a track on Azure AD, called “Azure AD, the door to the future”. So I was thinking of writing down a brief summary of the content I delivered on Azure AD.

But it’s not possible to jump directly to Azure AD without spending some words on the modern workplace, since Azure AD is just a technical answer to the challenges IT administrators face nowadays. Ten years back, the workplace was straightforward. Users came into their office, logged in to their PC and worked. In the evening they shut everything down and went home. Nowadays it’s different, since users are very mobile. They don’t simply work from their desk. Instead, users are now working from places that were difficult to imagine a few years back, like bars, trains, hotels and, of course, their homes. Not only are users physically mobile, they also use a vast palette of devices to accomplish work related tasks. If the IT department doesn’t offer devices, users will bring their own. In these circumstances, mobility is no longer about movement, but about the mobility of the entire experience.

Further, users also use a vast range of apps in their day to day work. And to be honest, users also use a lot of third party SaaS apps to accomplish their tasks. Most IT departments wanted to improve the user experience and tried to somehow integrate all these apps into their IT infrastructure, in order to prevent the leak of corporate information.

New Microsoft datacenters in Germany officially announced


Microsoft CEO Satya Nadella just announced in Berlin the new cloud strategy for Germany, which includes two new Microsoft datacenters, one located in Frankfurt and the second located in Magdeburg. All major Microsoft Cloud services will be offered from the new facilities, including Azure, Office 365 and CRM Online. The new Microsoft datacenters in Germany will most probably go live in the second half of 2016.

The new Microsoft datacenters in Germany underline once more Microsoft’s commitment to data security and data privacy, making sure that all Microsoft cloud customers are able to meet their specific compliance and regulatory needs. The two datacenters are connected through a private network, so that the data flow is completely isolated from the internet.

Further, German and European customers will be able to choose between a global Microsoft cloud service and a local cloud service. If customers opt for the local cloud service, none of the data or metadata will be stored outside Europe. To make everything as transparent as possible, the German company T-Systems will act as a data trustee under German law. What this means is that T-Systems alone decides who gets access to the data stored in the new datacenters and who doesn’t. This means that Microsoft itself won’t have any access to the data.

Microsoft and Docker announce new innovations for Azure IaaS


Around one year ago Microsoft and Docker started a great partnership meant to continuously innovate and bring cool new features to Azure IaaS that enable organizations around the world to build their next generation cross platform apps. Trying to enumerate all the new features brought to Microsoft Azure in partnership with Docker is not easy at all, but some of them include Windows Server Containers, Hyper-V Containers, Docker VM Extensions for Linux on Azure, Docker CLI support on Windows, Compose and Swarm support on Azure, and Visual Studio Tooling for Docker.

These days at DockerCon North America, Microsoft and Docker announced and demonstrated some new features and updates that take the partnership to the next step.

Fixes in Azure AD Sync Build 1.0.494.0501


Azure AD Sync Build 1.0.494.0501 was released some time ago and in my opinion it brought a fix for a major problem I was seeing in a lot of cases: password writeback failing with a servicebus connectivity error.

I still see a lot of partners struggling with this type of error message at their end customers, and I advised all of them to install the new build. This solved the error in all of the cases.

However, be aware that Azure AD Sync build 1.0.494.0501 now requires .NET Framework version 4.5.1 to be installed. So if you don’t have this .NET version currently installed on your server, you may want to install it before installing the new Azure AD Sync build.

Microsoft Azure RemoteApp leaves beta on 11 December


The Microsoft Azure RemoteApp cloud service will leave the “beta” stage on 11 December 2014 and will be available to all organizations that already use Microsoft Azure. Those who have tested the beta version so far will notice that their service is updated automatically, and they will receive a trial license valid for 30 days.

Azure RemoteApp is the perfect service for organizations in which the workforce fluctuates a lot, but where users still need access to the business applications the organization uses. In practice, the applications can be run virtualized on all devices. Even though they run on servers in the data center, users will have the same experience as if the applications were installed directly on the device they are using. The applications are accessed through the Microsoft Remote Desktop Protocol.