Introduction to Azure AD: Part 1

After having some discussions about this technology, I have decided to write a series of posts about it and about which options we have depending on the scenario we are involved in, so let’s start!

Today I’m gonna talk about Azure AD, which probably everyone knows by now, but in case you don’t, this post is also for you. Azure AD is the acronym of Azure Active Directory, which basically is a cloud identity provider, or Identity as a Service; in other words, it’s a simpler version of the typical Active Directory that almost every company has.

What is the main purpose? To extend your AD to support the cloud and to allow business users to work with cloud applications. Simple as that.

As you can imagine, when we use Azure AD we rely on Azure. But when we use O365 we are also using Azure AD to store the synchronized identities in the cloud (if we have configured synchronization between on-premises and the cloud), so even if you don’t have an Azure subscription to host services, you can sign in to the Azure portal, open Azure Active Directory and manage your users.


So, to sum up, if we have O365, we also have Azure AD, and we can manage the users from the O365 portal and from the Azure AD portal. In addition to that, managing users in the Azure AD portal gives us a lot of possibilities, such as conditional access, identity protection, etc. But to use some of these features, we need a valid license.

Licenses in Azure AD are divided into Free, Basic, Premium 1 and Premium 2, and each has some interesting features. In the following link you can have a closer look at each of these features:

As we can see, depending on what we want to use, we will need a different license. We also have to take into account that every user who uses these “premium” features needs a valid license, so keep that in mind when you are planning to implement a service like this in your business.

As we can see, up to here Azure AD is easy peasy, but now comes the fun part: have you ever realized that Azure AD is divided into Azure AD, Azure B2B and Azure B2C? So, in the next post I will try to focus more on B2C and B2B, to at least show my vision of this technology and possible use cases.

For more info:


Azure classic portal will be deprecated

If you are still using the classic portal to manage your VMs and resources, be aware that the classic portal will be deprecated during the next month. The following information has been published in Docs:

The Azure classic portal will be retired January 08, 2018. After this date, if you attempt to use this portal, you will be automatically redirected to the new Azure portal.

For more information, see the blog post announcement, Marching into the future of the Azure AD admin experience: retiring the Azure classic portal. For the temporary extension to the original retirement date, see Update on retirement of Azure AD classic portal experience and migration of conditional access policies.

So consider advising your clients to migrate all the information, or keep track of those applications that are still in the classic portal.

Where do users change their phone number for resetting O365 password?

It seems a very straightforward post, but a client fired this question at me and I thought that I was pretty sure about the answer, but no, I discovered something new for me in our marvellous O365 world.

My client wanted to change the phone number and email address used when they must reset their password. If you remember, the first time that you log into O365, it asks for this data to complete your “recovery” profile. So, when he asked me to change this data, I guided him to follow this procedure:


  • Click on my profile


  • Update profile with your own/new info

Easy right?

If you follow this procedure to change your O365 password recovery data, you’re as wrong as I was. This procedure does not change your initial data; it only changes your profile information. So where do I have to go to change this data? Of course, Azure…

We know that every O365 tenant is backed by Azure AD, so in Azure we also have the user information. In this case, the only thing that we have to do is go to the Azure Active Directory resource, open Users and groups, and select the user whose information needs to change.



After doing this, you will be able to reset your password with the new data that has been introduced.

Keep in mind that you’ll need permissions on the Azure resource in order to modify this “personal” information. If you don’t have the proper permission, this information will be greyed out.


Hope it helps!


Azure AD Premium vs. Azure AD

Many of my customers ask me about that, and in most cases I answer with the following: “If you have an Office 365 subscription, then you already have Azure Active Directory.”

In addition to that, if they have Azure AD Connect enabled, it means that their on-premises users, passwords and groups are being synchronized to Azure Active Directory.

This is the standard case, but then many of my customers want to enable more features, and many of those are only available in the Premium version, and yes, it incurs an extra cost.

Moreover, nowadays we have different types of Azure Active Directory licensing, like:

  • Azure Active Directory Basic
  • Azure Active Directory Premium P1
  • Azure Active Directory Premium P2

But which features does each of the licenses have?

With Azure Active Directory Basic

  • Manage users & group memberships in the cloud, and assign licensing
  • Sync your on-premises directory using Azure AD Connect
  • Cloud Users can reset their own passwords online
  • Company branding for the SSO access panel, etc.
  • 99.9% uptime SLA

Azure Active Directory Premium P1

  • MFA for cloud and OnPremises
  • Monitor AD synchronization health in the cloud
  • Cloud and OnPremise Users can change their own passwords online
  • Advanced security & usage reports
  • Self-service group & app management (dynamic groups)
  • Run Cloud App Discovery to uncover unmanaged cloud applications running in your environment

Azure Active Directory Premium P2

  • Azure Identity Protection
  • Privileged Identity Management

So, if you want to know more about Azure Active Directory, you can visit the following link, where you can find more info about it.

Till next time!

AzureAD admin is in the new Azure Portal!

Hi there!

Yes, you’re reading that right: MS has launched the preview of AzureAD in the new Azure Portal. As you know, when you need to configure something in AzureAD from the new portal, it automatically redirects to

It was very confusing and it was simply stupid, but from today we can enjoy the new AzurePortal:


I hope that MS will keep improving the user experience of this new feature, but for now this is great news 🙂

If you want to hear more info about this, you can visit the following Technet Blog



How to connect to O365 using PowerShell

PowerShell is a necessary tool for O365 administration: more than 40% of the features of O365 are not visible in the administration panel, so the only way to manage them is via PowerShell. For the vast majority of users the web portal will be more useful, but if you need to do repetitive or very complex tasks, PowerShell is your tool.

So, how do we connect to the several services that O365 offers? Let’s begin:

Azure Active Directory

$credential = get-credential
Import-Module MsOnline

Connect-MsolService -Credential $credential

Exchange Online

# Replace the placeholder with your Exchange Online remote PowerShell endpoint.
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "<ConnectionUri>" -Credential $credential -Authentication "Basic" -AllowRedirection

Import-PSSession $exchangeSession

SharePoint Online

Import-Module Microsoft.Online.SharePoint.PowerShell

Connect-SPOService -Url https://<NombreDelTenant> -credential $credential

Skype for Business

Import-Module LyncOnlineConnector

$lyncSession = New-CsOnlineSession -Credential $credential

Import-PSSession $lyncSession

BONUS: Microsoft Azure

# Opens a web page on the Windows Azure Management Portal, from which you can download the subscription information. The information is contained in a .publishsettings file.
Get-AzurePublishSettingsFile

Import-AzurePublishSettingsFile "Pathtopublishingfile"

# The previous commands let you view account and subscription details.

Depending on which operations or services we are using, we will be able to connect to each service without problems.
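
The connections above pass a stored password credential and, for Exchange Online, use Basic authentication, which cannot satisfy MFA or conditional access. The following is an added example, not part of the original post, that signs in to the same services with interactive modern authentication. It assumes the Microsoft.Graph.Authentication, ExchangeOnlineManagement, Microsoft.Online.SharePoint.PowerShell and MicrosoftTeams modules are installed; the contoso account and URL are placeholders.

```powershell
# Added example: modern-authentication sign-in to the services covered above.
# Assumptions: the modules listed in $required are installed; contoso values are placeholders.

$adminUpn = 'admin@contoso.onmicrosoft.com'         # placeholder admin account
$spoAdmin = 'https://contoso-admin.sharepoint.com'  # placeholder SharePoint admin URL

$required = 'Microsoft.Graph.Authentication',
            'ExchangeOnlineManagement',
            'Microsoft.Online.SharePoint.PowerShell',
            'MicrosoftTeams'

# Fail early with a clear message instead of ending up half-connected.
$missing = $required | Where-Object { -not (Get-Module -ListAvailable -Name $_) }
if ($missing) {
    throw "Install these modules first: $($missing -join ', ')"
}

try {
    # Directory (users, groups): request only the scopes the task needs.
    Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All' | Out-Null

    # Exchange Online: browser-based sign-in, no Basic authentication.
    Connect-ExchangeOnline -UserPrincipalName $adminUpn -ShowBanner:$false

    # SharePoint Online: omitting -Credential triggers the interactive prompt.
    Connect-SPOService -Url $spoAdmin

    # Teams / Skype for Business Online administration.
    Connect-MicrosoftTeams | Out-Null

    # Confirm which identity and tenant each session is bound to before making changes.
    Get-MgContext | Select-Object Account, TenantId, Scopes
    Get-ConnectionInformation | Select-Object UserPrincipalName, State
}
finally {
    # Always close the sessions so no tokens linger in the console.
    Disconnect-ExchangeOnline -Confirm:$false -ErrorAction SilentlyContinue
    Disconnect-SPOService -ErrorAction SilentlyContinue
    Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null
    Disconnect-MicrosoftTeams -ErrorAction SilentlyContinue
}
```

No password ever lands in a `$credential` variable here, so there is nothing for a transcript or a memory dump of the session to capture beyond short-lived tokens.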

Updating DirSync to AAD: Part 2

Hi all, I will continue posting about how to update DirSync in order to get all the advantages of AAD.

If you followed my previous post, and if you have installed all the software requirements on your server, you’re ready to update to AAD. In my case I followed this guide:

It was so easy to do, but I had one problem: when I installed AAD, and before I configured it, the synchronization services were stopped. I still don’t know why, but I checked the event viewer and I realized that the account that runs the services did not have the required permissions.

So I needed to take the server out of the domain Group Policy and give the user the right permissions. In my case it was strange because the user that runs the services was a local user. I didn’t do the original configuration, but it seems that something is wrong there. I’m checking whether it’s possible to change the user to a domain user, so this would not happen again.

Till the next time!