Freshly brewed with Microsoft Azure and Microsoft 365

Tag: Directory Page 1 of 2

Are you looking for information about Active Directory? In this archive you will find all our posts about Active Directory.

Azure AD B2B Direct Connect for shared channels in Microsoft Teams

With Azure AD B2B Direct Connect for shared channels in Microsoft Teams, Microsoft offers a feature that simplifies management of collaboration with external partners in teams.

Until the release of Azure AD B2B Direct Connect, an external partner was invited to the tenant as a guest and authorized in Microsoft Teams (Azure AD B2B Collaboration). The external partner then received an email with instructions for further steps.

A look into your own Azure Active Directory shows that each external user gets a guest account there. Whether or not the guest account is still in use, it remains in Azure Active Directory until it is manually deleted.

Installation and configuration Azure Active Directory Cloud Sync

Azure Active Directory Cloud Sync is software that synchronizes objects from Active Directory to Azure Active Directory.
Azure AD Connect cloud synchronization orchestrates the provisioning of AD objects to Azure AD in Microsoft Online Services. Locally, only a simple agent is needed.

The entire synchronization configuration is set up in the Azure Portal (https://portal.azure.com). Azure AD Cloud Sync supports high availability by installing the agent on multiple servers.

This tutorial describes how to install and configure Azure AD Cloud Sync.

Review and remove inactive users from Microsoft 365 groups with Access Review

Permissions for Microsoft 365 groups or applications can change constantly. This makes the effort of checking permissions time-consuming and inefficient.

With the Azure Active Directory feature “Access Review”, this task can be largely automated, and inactive users and guests can be removed from Microsoft 365 groups and applications with just a few clicks.

Azure AD: Roll over Kerberos decryption key

Users can use the same credentials for on-premises and cloud-based services with Seamless SSO. There is no need for recurring prompts to enter credentials between services. The necessary data are automatically synced between Active Directory and Azure Active Directory.

When configuring Seamless SSO, the computer account “AZUREADSSOACC” is created. For security reasons, the Kerberos encryption key for this account should be rolled over every 30 days.

This tutorial describes how to manually roll over the Kerberos decryption key every 30 days.

Enable Enterprise State Roaming in Azure Active Directory

Windows 10 and Windows 11 synchronize user settings to the Azure Cloud via Enterprise State Roaming. Application settings are thus the same on every device a user logs on to. When a new device is installed, many settings are already present.

Enterprise State Roaming encrypts the data with Azure Rights Management (Azure RMS) and synchronizes it to the Azure Cloud.

Enterprise State Roaming is well suited for enterprise devices that are used at different locations outside the usual office premises. Unlike roaming profiles, Enterprise State Roaming does not require a connection to on-premises servers.
