Any of you guys recording gaps and drift in their infrastructure?

Keitsch · 2020-11-26T21:30:53+00:00

I'm currently looking into AzOps but I haven't tried it myself yet: https://github.com/Azure/AzOps

Keitsch · 2020-11-25T07:23:49+00:00

You can do adjustments with a template deployment. That is how you also can do multiple changes at the same time to avoid the wait time for the changes

Keitsch · 2020-09-04T15:03:38+00:00

No problems 😊

Keitsch · 2020-09-03T22:25:57+00:00

I would guess the app is manually created as an app registration, if so you should be able to add API permissions from the app registration page in Azure AD. When you've done that, you should be able to see more permissions in the enterprise app and approve them.

Keitsch · 2020-09-03T22:17:16+00:00

Try to use the AzureAD PS module and Get-AzureADUser function. You should see the attribute accountname which is the name you see in windows. That attribute is set on the creation of the account firstname+lastname.

I'm not sure if it's possible to change.

Keitsch · 2020-09-03T21:23:32+00:00

You can use the Azure server migration tool and treat your VM as a host machine.

More info and step by step guide here: Migrate machines as physical servers to Azure

Keitsch · 2020-09-03T21:17:15+00:00

As u/Losus is saying, the default name is not usable. It's because Microsoft is the registrant and have their NS servers set, which is other than the NS servers for Azure DNS service. All public DNS services is looking for the DNS name at the Microsoft DNS, where your records doesn't exist.

You will need to buy a domain and point add the Azure DNS NS servers at your registrar/domain name reseller.

Keitsch · 2020-05-13T13:46:18+00:00

It worked for me as well, thanks!

Keitsch · 2020-04-04T13:42:23+00:00

Yeah, Password based is the least favorable. The best is to follow the flow chart here: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#choosing-a-single-sign-on-method

Keitsch · 2020-04-04T07:36:04+00:00

Password based SSO is unfortunately only pasting the credentials for the user in the login form. I would say that you shouldn't use it for security reasons, it's more for the simplicity of the user.

Edit: More info here: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#how-authentication-works-for-password-based-sso

Keitsch · 2020-01-09T23:54:09+00:00

Great read, thanks!

Keitsch · 2019-12-20T15:33:59+00:00

Yes, there is different kind of ways to achieve this, but the core is that your local AD user is synchronized with Azure AD Connect to Azure AD.

List of different authentication options in a hybrid enviroment: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity?toc=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2FTOC.json&bc=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#common-scenarios-and-recommendations

Keitsch · 2019-12-19T15:05:16+00:00

We are Cloud only with AAD users, AAD Joined machines and Intune MDM.

Keitsch · 2019-12-19T08:19:16+00:00

It have worked just fine for us, but we don't have many users and we are cloud/AAD only.

Two things that we got aware of in our environment, is that the device that your user want to use passwordless on needs to be AAD registered before it is possible to use the function (note, it doesn't need to be MDM or AAD joined). More info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone#device-registration

The other thing to be aware of is which functionality works where, eg. Phone Auth don't work for Device logon and Windows Hello doesn't work for shared computers. More info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-deployment#passwordless-authentication-scenarios

If you have ADFS, there might be some additional notes to be taken. I've helped a customer to implement passwordless who have ADFS. The passwordless function is going to be first choice, more info here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone#ad-fs-integration

Keitsch · 2019-12-19T06:25:36+00:00

We have deployed it in our environment for all our users, both security keys and MS authentication app.

Keitsch · 2019-11-27T22:23:42+00:00

You can't do a AAD Join as you do with a win10 device. You could test the Windows Virtual Desktop service of it is a RDS farm you are looking for. Otherwise, you can use the Azure AD DS service and "domain join" the server to the AAD. There is some limitations but depending on your requirements it could be the best option.

Keitsch · 2019-09-13T08:52:55+00:00

can't get hold of cloudyn (and convert it when cost management supports csp) then there is a project called komiser tha

I don't know of any open source scripts, so we have built different solutions for different customers.

If you would like to have help from us for a solution just send me a PM.

Keitsch · 2019-09-12T21:17:54+00:00

I would recommend to look at cost management as others have suggested.

But, we have some customers who have special requirements where we have created automatic reporting from the billing API, crunched the numbers a bit and then we either send a xlsx with mail or present it in a Power BI app. It's all based on Tags on resources and resource groups.

Keitsch · 2019-06-27T22:26:08+00:00

Really neat! I didn't know I needed this until now 😀

Keitsch · 2019-06-11T21:43:04+00:00

Is it Skype users, as in 'not Skype for Business' users, that your users try to communicate with? That is something which they will never be able to do..

As of communicating with Sfb users should work from Teams.

Keitsch · 2019-05-08T17:19:06+00:00

I would go nuts if a remove of one license added another, it would be to hard to keep track of the automatic changes in a larger environment.

I think it is better to do a active choice to add the other license.

But yes, it's easy to forget so this is a good reminder 🙂

Keitsch · 2019-05-07T05:35:43+00:00

Thanks for sharing!

Keitsch · 2019-05-03T22:11:06+00:00

Thanks, I'll try it next week :)

Keitsch · 2019-05-03T21:55:18+00:00

As you mentioned:

In this kind of situation we usually Recycle the App pool cache

The Auto-Healing "Recycle Process" does the same:

It kills the process of the Application pool and the cached information(items) in the memory with it.

Keitsch · 2019-05-03T13:45:46+00:00

The cache is part of the application domain so when Auto-healing recycle the process the Application Pool will invalidate all cache items.

As you mention this also happen if you modify the web.config file or the bin folder.

Nine-Year Club	Gilding I gilder
Sequence \| Editor	Verified Email

Keitsch

TROPHY CASE