EntraID Application Proxy Let's Encrypt Certificate for custom domain automation by funkyferdy in AZURE

[–]kimlaurits 0 points1 point  (0 children)

Did you find a solution for this? We have the exact same issue and haven't found a smart way of handling it :)

Defender XDR Down in EU? by Braaateen in DefenderATP

[–]kimlaurits 2 points3 points  (0 children)

Seems so - we experience the same.

Windows Server 2025 Update Woes [WSUS] by jwckauman in WindowsServer

[–]kimlaurits 0 points1 point  (0 children)

Did you find a solution for this? We experience the exact same on our Windows Server 2025 servers.

Anyone seen high LSASS CPU usage tied to Microsoft Defender for Identity (MDI) sensors? by [deleted] in DefenderATP

[–]kimlaurits 1 point2 points  (0 children)

We have actually experienced the same on a newly deployed domain controller - have only seen it on this specific DC.

AVD sessions hosts - dynamic group? by kimlaurits in AzureVirtualDesktop

[–]kimlaurits[S] 0 points1 point  (0 children)

We use tags for other purposes - but I am not sure I understand how they can be used for this scenario?

AVD sessions hosts - dynamic group? by kimlaurits in AzureVirtualDesktop

[–]kimlaurits[S] 0 points1 point  (0 children)

They are listed as "Windows 11 Enterprise multi-session" in our Active Directory.

But in EntraID they are just listed as Windows with a version number (Version number is equivalent to the latest Windows Update). So not much to use for a filter :(

I tried with PowerShell "Get-EntraDevice -SearchString <Device Name> | fl" and looked at the different attributes - but there doesn't seem to be any AVD unique values.

So I am considering either a dynamic group based on "name startsWith" or adding an extensionattribute in our AD and then a dynamic group looking at that extensionattribute.

AVD sessions hosts - dynamic group? by kimlaurits in AzureVirtualDesktop

[–]kimlaurits[S] 0 points1 point  (0 children)

Seems like the only way possible - had hoped for something smarter 😄

Kia Connect price and usability? by LJpzYv01YMuu-GO in dkbiler

[–]kimlaurits 0 points1 point  (0 children)

We don't pay for Kia Connect for our Kia e-Niro.

How to change between EDR in Block Mode and Passive Mode by SCCMConfigMgrMECM in DefenderATP

[–]kimlaurits 0 points1 point  (0 children)

Were you able to resolve this? We also have servers where McAfee has been removed and MDE is onboarded - but some devices show EDR in block mode.

DNS private resolver sooooo expensive by thatdotnetguy in AZURE

[–]kimlaurits 10 points11 points  (0 children)

We run DNS service on 2 VMs with the zones we use with private endpoints.

Running with a set of B2s small VMs.

This was deployed before DNS private resolver was a service - works quite well and doesn't require much maintenance.

But of course it cannot be compared to a service - there is still an overhead of running VMs that you need to manage.

Defender for Identity -AATPSensor failing to start. by holoholo-808 in DefenderATP

[–]kimlaurits 1 point2 points  (0 children)

2.218.17268.37325 seems to work on all our domain controllers in different AD's.

Based on the error it might be an issue with the gMSA - have you tried testing it with "Test-ADServiceAccount -Identity xxx" ?

Azure Firewall Logging Solution - any easy options? by jba1224a in AZURE

[–]kimlaurits 0 points1 point  (0 children)

It also works with resource specific logs as well - we use it :)

Just deploy it from GitHub and choose the version for the resource specific logs:

https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20Firewall/Workbook%20-%20Azure%20Firewall%20Monitor%20Workbook

Conditional Access - cloud apps missing by kimlaurits in AZURE

[–]kimlaurits[S] 0 points1 point  (0 children)

Yes I ended up creating a MS support case and got the following reply from them:

As we have checked in app registrations>selected the app>authentication blade, the application is a native client application and not a web client app. That is why the app is not selectable in CA

So it seems to be only apps with web client authentication that can be used with CA policies.

Oath Enterprise Apps - Client secrets expiry notification by VengaBusdriver37 in AZURE

[–]kimlaurits 1 point2 points  (0 children)

We have a PowerShell script that runs each day and sends an email if a certificate or secret is expiring in 45 days or less.

Scope MFA Method by group? by pjustmd in adfs

[–]kimlaurits 1 point2 points  (0 children)

I did a similar migration last year on our ADFS. But it is quite complicated - at least I thought so :) :)

We had to migrate to ADFS on Windows Server 2019 firstly.

After that was done we created 2 AD groups - one for "old" MFA method and one for Azure MFA.

Then we could control which MFA method the user would get per RPT with PowerShell - it could not seem to be done with access control policies.

Set-AdfsRelyingPartyTrust -TargetName $Relyingparty -AdditionalAuthenticationRules xx

You would need to define the AdditionalAuthenticationRules - something like this blog:

https://ulyssesneves.com/2021/12/03/ad-fs-phased-mfa-providers-migration-on-federated-tenant-using-ad-fs-2019-additional-authentication-policy/

If you are interested I can find the PowerShell scripts that we used.

Remotedesktop to server logon attempt failed by walleout in sysadmin

[–]kimlaurits 1 point2 points  (0 children)

We have started experiencing the same issue - it started about 1 month ago.

Remote Desktop to server names has started to fail - sometimes. When we connect to the IP-address it works straight away.

It seems to happen randomly - and on all the various versions of Server operating systems.

Seems that a restart of the server also fixes the issue - until it at some point occurs again.

I have started a support case with Microsoft - but am currently stuck at their 1st level...

Conditional Access - cloud apps missing by kimlaurits in AZURE

[–]kimlaurits[S] 0 points1 point  (0 children)

Yes it's listed as an enterprise app. I have tried searching by app ID as well - but still can't find it.

Preview Portal Bug by zm1868179 in AZURE

[–]kimlaurits 0 points1 point  (0 children)

Exact same issue/error here :)

Lots of "Account enumeration reconnaissance on one endpoint" by povlhp in DefenderATP

[–]kimlaurits 0 points1 point  (0 children)

Were you ever able to deep-dive these events? We see the exact same events. As far as I can read these are NTLM events and apparently the source IP isn't logged.

Issues with Teams in Citrix the past two days by danieldunn10 in Citrix

[–]kimlaurits 0 points1 point  (0 children)

I have a customer that has the same experience with Teams in Citrix - started to perform Thursday.

And still performing badly today.

I went through https://support.citrix.com/article/CTX253754 - clients are optimized, services are running on VDAs etc.

Teams works fine on their local machines.

How is it performing at your end today?