Azure classic portal will be deprecated

If you are still using the classic portal to manage your VMs and resources, be aware that the classic portal will be deprecated during the next month. The following information has been published in Docs:

The Azure classic portal will be retired January 08, 2018. After this date, if you attempt to use this portal, you will be automatically redirected to the new Azure portal.

For more information, see the blog post announcement, Marching into the future of the Azure AD admin experience: retiring the Azure classic portal. For the temporary extension to the original retirement date, see Update on retirement of Azure AD classic portal experience and migration of conditional access policies.

So consider assessing your clients, so that they migrate all the information or keep control of the applications that are still in the classic portal.

Where do users change their phone number for resetting O365 password?

It seems a very straightforward post, but a client fired this question at me and I thought that I was pretty sure about the answer, but no: I discovered something new for me in our marvellous O365 world.

My client wanted to change the phone number and e-mail address used when they must reset their password. If you remember, the first time that you log into O365, it asks for this data to complete your “recovery” profile. So, when he asked me to change this data, I guided him through this procedure:

  • Click on my profile

  • Update profile with your own/new info

Easy, right?

If you follow this procedure to change your O365 password recovery data, you’re just as wrong as I was. This procedure does not change your initial data; it only changes your profile information. So where do I have to go to change this data? Of course, Azure…

We know that every O365 tenant shares the Azure AD, so in Azure we also have the user information. In this case, the only thing that we have to do is go to http://portal.azure.com, open the Azure Active Directory resource, then Users and groups, and select the user whose information you need to change.

After doing this, you will be able to reset your password with the new data that has been entered.

Keep in mind that you’ll need permissions on the Azure resource in order to modify this “personal” information; if you don’t have the proper permissions, this information will be greyed out.
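The difference between profile fields and the data actually held for password reset can be checked per user from PowerShell. The following is an added example, not part of the original post: it assumes user objects shaped like the output of Get-MsolUser from the MSOnline module used elsewhere on this page, and the function name and sample accounts are constructed for illustration.

```powershell
# Added example (not from the original post): summarize the password-reset
# recovery data held for each user. Input is shaped like Get-MsolUser output.
function Get-RecoveryDataReport {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][object]$User)
    process {
        # Authentication phone/email the user registered at first sign-in
        $registered = $User.StrongAuthenticationUserDetails
        $methods = [ordered]@{
            'Registered phone' = $registered.PhoneNumber
            'Registered email' = $registered.Email
            # Directory attributes an administrator can edit on the user
            'Mobile phone'     = $User.MobilePhone
            'Alternate email'  = @($User.AlternateEmailAddresses) -join ';'
        }
        # Keep only the names of the methods that actually hold a value
        $present = @($methods.GetEnumerator() |
            Where-Object { $_.Value } | ForEach-Object { $_.Key })
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            RecoveryMethods   = $present -join ', '
            HasRecoveryData   = $present.Count -gt 0
        }
    }
}

# Constructed sample objects (not real accounts) so the report runs offline
$sample = @(
    [pscustomobject]@{
        UserPrincipalName = 'alice@contoso.example'; MobilePhone = $null
        AlternateEmailAddresses = @()
        StrongAuthenticationUserDetails = [pscustomobject]@{
            PhoneNumber = '+34 600000001'; Email = $null }
    }
    [pscustomobject]@{
        UserPrincipalName = 'bob@contoso.example'; MobilePhone = '+34 600000002'
        AlternateEmailAddresses = @('bob@personal.example')
        StrongAuthenticationUserDetails = $null
    }
    [pscustomobject]@{
        UserPrincipalName = 'carol@contoso.example'; MobilePhone = $null
        AlternateEmailAddresses = @(); StrongAuthenticationUserDetails = $null
    }
)
$sample | Get-RecoveryDataReport | Format-Table -AutoSize

# Against a tenant, after Connect-MsolService:
# Get-MsolUser -All | Get-RecoveryDataReport | Where-Object { -not $_.HasRecoveryData }
```

Accounts that report no recovery data cannot complete a self-service reset, and a recovery phone or e-mail that changes unexpectedly on an account is worth reviewing, since whoever controls that contact can reset the password.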

Hope it helps!

 

Azure AD Premium vs. Azure AD

Many of my customers ask me that, and in most cases I answer with the following: “If you have an Office 365 subscription, then you already have Azure Active Directory.”

In addition to that, if they have Azure AD Connect enabled, it means that their on-premises users, passwords and groups are being synchronized to Azure Active Directory.

This is the standard case, but then many of my customers want to enable more features, and many of those are only available in the Premium version, which, yes, incurs an extra cost.

Moreover, nowadays we have different types of Azure Active Directory licensing, like:

  • Azure Active Directory Basic
  • Azure Active Directory Premium P1
  • Azure Active Directory Premium P2

But which features does each of the licenses include?

With Azure Active Directory Basic

  • Manage users & group memberships in the cloud, and assign licensing
  • Sync your on-premises directory using Azure AD Connect
  • Cloud Users can reset their own passwords online
  • Company branding for the SSO access panel, etc.
  • 99.9% uptime SLA

Azure Active Directory Premium P1

  • MFA for cloud and on-premises
  • Monitor AD synchronization health in the cloud
  • Cloud and on-premises users can change their own passwords online
  • Advanced security & usage reports
  • Self-service group & app management (dynamic groups)
  • Run Cloud App Discovery to uncover unmanaged cloud applications running in your environment

Azure Active Directory Premium P2

  • Azure Identity Protection
  • Privileged Identity Management

So, if you want to know more about Azure Active Directory, you can visit the following link, where you can find more info about it.

Till next time!

AzureAD admin is in the new Azure Portal!

Hi there!

Yes, you’re reading that right: MS has launched the preview of Azure AD in the new Azure Portal. As you know, when you need to configure something in Azure AD from the new portal, it automatically redirects you to manage.windowsazure.com.

It was very confusing and it was simply stupid, but from today we can enjoy the new Azure Portal.

I hope that MS will keep improving the user experience of this new feature, but for now this is great news 🙂

If you want to hear more info about this, you can visit the following Technet Blog

Cheers!

 

How to connect to O365 using PowerShell

PowerShell is a necessary tool for O365 administration: more than 40% of the features of O365 are not visible in the administration panel, so the only way to manage them is via PowerShell code. For the vast majority of users the web portal will be more useful, but if you need to do repetitive or very complex tasks, PowerShell is your tool.

So, how do we connect to the several services that O365 offers? Let’s begin:

Azure Active Directory

# Prompt once for the admin credentials; they are reused for every service below
$credential = Get-Credential
Import-Module MSOnline

Connect-MsolService -Credential $credential

Exchange Online

# Open a remote session to Exchange Online and import its cmdlets into the local session
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection

Import-PSSession $exchangeSession

SharePoint Online

Import-Module Microsoft.Online.SharePoint.PowerShell

Connect-SPOService -Url https://<TenantName>-admin.sharepoint.com -Credential $credential

Skype for Business

Import-Module LyncOnlineConnector

$lyncSession = New-CsOnlineSession -Credential $credential

Import-PSSession $lyncSession

BONUS: Microsoft Azure

# Opens a web page on the Windows Azure Management Portal, from which you can download the subscription information. The information is contained in a .publishsettings file.
Get-AzurePublishSettingsFile

Import-AzurePublishSettingsFile "Pathtopublishingfile"

# The following commands show the account and subscription details
Get-AzureAccount

Get-AzureSubscription

Depending on which operations or services we are using, we will be able to connect to the service without problems.

Updating DirSync to AAD: Part 2

Hi all, I will continue posting about how to update DirSync in order to get all the advantages of AAD.

If you followed my previous post, and if you have installed all the software requirements in your server, you’re ready to update to AAD. In my case I followed this guide:

http://blogs.msdn.com/b/vilath/archive/2015/05/29/in-place-upgrade-dirsync-to-azure-ad-connect-preview-2.aspx

It was so easy to do, but I had one problem: when I installed AAD and before I configured it, the synchronization services were stopped. I still don’t know why, but I checked the Event Viewer and I realized that the account that runs the services did not have the required permissions.

So I needed to take the server out of the domain Group Policy and give the user the right permissions. In my case it was strange because the user that runs the services was a local user. I didn’t do the original configuration, but it seems that something is wrong there. I’m checking whether it’s possible to change the user to a domain user, so this will not happen again.

Till the next time!

Updating DirSync to AAD: part 1

Hi all! Today I will start a series of posts about how to update DirSync to AAD. For those who don’t know what AAD is: it is a new tool from Microsoft that simplifies the synchronization between your on-premises directories and Azure AD, and also enables single sign-on to Office 365 and other applications.

Azure AD Connect includes all the advances and features of AAD Sync, such as:

  • Enable your users to perform self-service password reset in the cloud with write-back to on premises AD
  • Enable provisioning from the cloud with user write back to on premises AD
  • Enable write back of “Groups in Office 365” to on premises distribution groups in a forest with Exchange
  • Enable device write back so that your on-premises access control policies enforced by ADFS can recognize devices that registered with Azure AD. This includes the recently announced support for Azure AD Join in Windows 10.
  • Sync custom directory attributes to your Azure Active Directory tenant and consume it from your cloud applications

So, if your question is: is DirSync being replaced by AAD? The answer is yes 🙂

The next thing we have to do, before installing anything, is to review the requirements:

  • Active Directory domain – Windows Server 2003 or higher DC
  • Machines – The machine on which the wizard is run (and sync will be configured) must be running Windows Server 2008 R2, 2012 or 2012 R2 and must be domain joined
  • Credentials you will need – To run the wizard, you must be logged in as a domain account, not a local machine account. Windows Server Active Directory enterprise administrator credentials
  • Azure Active Directory global administrator account – It is helpful to have a test user account created in Active Directory so that you can do a test sign-in upon completion of the configuration
  • Azure AD – You will need one Azure AD tenant which you can use for the evaluation of this preview.

Also, the server needs the following to update from DirSync to AAD:

| Objects in Active Directory | CPU | Memory | HDD size |
|---|---|---|---|
| less than 10.000 | 1,6 GHz | 4 GB | 70 GB |
| 10.000–50.000 | 1,6 GHz | 4 GB | 70 GB |
| 50.000–100.000 | 1,6 GHz | 16 GB | 100 GB* |
| 100.000–300.000 | 1,6 GHz | 32 GB | < 300 GB |
| 300.000–600.000 | 1,6 GHz | 32 GB | 450 GB |
| more than 600.000 | 1,6 GHz | 32 GB | 500 GB |

* For more than 100.000 objects, a complete version of SQL Server is required.

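To check how many objects we have in AD, we can use the following PowerShell:

Import-Module ActiveDirectory

# Count the objects in the domain partition (replace DC=domain,DC=local with your own domain).
# The schema partition (CN=Schema,CN=Configuration,...) only holds class and attribute definitions.
Get-ADObject -Filter {name -like '*'} -SearchBase 'DC=domain,DC=local' -ResultSetSize $null | Measure-Object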

In my case it was about 5k objects, so I was able to update without problems 🙂

If you need more information, you can visit: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/