Azure AD

Finding your Bitlocker Recovery Key in Azure AD

When you Azure AD join a device and enable BitLocker, you get the option to store the recovery key in Azure AD.

If you ever wonder where to find them, they are all available from the details window of the registered device in the Azure AD Management Portal.

A few easy steps to get there

  1. Open Azure AD in the Management Portal
    https://manage.windowsazure.com
  2. Open the Users tab, search or browse for the account whose recovery key you need, and open it.
  3. Go to the Devices tab, and in the View box, select Devices.
  4. Select the affected device, and click View Details.
    All recovery keys registered for that device are listed there.

Keep in mind that a recovery key unlocks the whole disk. Anyone who can open this view can read it, so treat that portal access as privileged and protect the admin accounts that have it accordingly.

PowerShell one-liners for finding all objects that use a specific domain name in Exchange Online

Sometimes we need to find every object that uses a given domain name in Exchange Online or Azure AD, for example when we need to remove a domain from an Office 365 tenant. The domain cannot be removed while anything still references it, and finding those references by hand is not an easy task unless we script it.

The following three one-liners list the objects, and the addresses on those objects, that still use the domain. They assume you have already run Connect-MsolService and opened an Exchange Online PowerShell session.

Get all users with @mydomain.com

Get-MsolUser -All -DomainName "mydomain.com"   # -All lifts the default cap of 500 results; returns users with the domain in their UPN or any proxy address

Get all distribution groups with @mydomain.com

Get-DistributionGroup -ResultSize Unlimited | foreach {$_.EmailAddresses | ? {$_ -like "*@mydomain.com"}}   # default ResultSize is 1000

Get all dynamic distribution groups with @mydomain.com

Get-DynamicDistributionGroup -ResultSize Unlimited | foreach {$_.EmailAddresses | ? {$_ -like "*@mydomain.com"}}   # default ResultSize is 1000

Thereafter we can either remove these addresses manually, or write a script that does it for us using Set-MailUser, Set-Mailbox, Set-DistributionGroup or Set-DynamicDistributionGroup (and Set-MailContact for mail contacts). Two things will still block the domain removal after the aliases are gone: a primary SMTP address in the domain cannot be removed until another address has been made primary, and every user whose UserPrincipalName is in the domain has to be renamed with Set-MsolUserPrincipalName.
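The script below is an added example, not code from the original post. It turns the one-liners above into a single inventory-and-cleanup pass: it reports every recipient type and every UPN that still references the domain, then replaces primary addresses, removes the remaining aliases and renames UPNs. It assumes an existing Connect-MsolService and Exchange Online session; the domain names 'mydomain.com' and 'contoso.onmicrosoft.com' and the $DryRun switch are placeholders of this example.

```powershell
# Added example (not from the original post). Assumes Connect-MsolService has been
# run and an Exchange Online remoting session is open. 'mydomain.com' is the domain
# being retired, 'contoso.onmicrosoft.com' a verified domain that addresses are
# moved to; both are placeholders.
$OldDomain = 'mydomain.com'
$NewDomain = 'contoso.onmicrosoft.com'
$DryRun    = $true            # $false actually modifies objects
$pattern   = "*@$OldDomain"   # matches 'SMTP:x@mydomain.com', 'smtp:...', 'sip:...' and bare UPNs

# --- 1. Inventory ---------------------------------------------------------------
# Each recipient type is listed with its Get-/Set- cmdlet pair so that the cleanup
# loop below stays generic. The default result sizes (500 for Get-MsolUser, 1000
# for the Exchange cmdlets) silently truncate large tenants, hence -All and
# -ResultSize Unlimited.
$types = @(
    @{ Name='Mailbox';                  Get={ Get-Mailbox -ResultSize Unlimited };                  Set='Set-Mailbox' }
    @{ Name='MailUser';                 Get={ Get-MailUser -ResultSize Unlimited };                 Set='Set-MailUser' }
    @{ Name='MailContact';              Get={ Get-MailContact -ResultSize Unlimited };              Set='Set-MailContact' }
    @{ Name='DistributionGroup';        Get={ Get-DistributionGroup -ResultSize Unlimited };        Set='Set-DistributionGroup' }
    @{ Name='DynamicDistributionGroup'; Get={ Get-DynamicDistributionGroup -ResultSize Unlimited }; Set='Set-DynamicDistributionGroup' }
)

$report = foreach ($t in $types) {
    & $t.Get | ForEach-Object {
        # EmailAddresses is a ProxyAddressCollection; -like stringifies each entry
        $hits = @($_.EmailAddresses | Where-Object { $_ -like $pattern })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Type     = $t.Name
                Set      = $t.Set
                Identity = $_.Identity
                Primary  = $_.PrimarySmtpAddress.ToString()
                Old      = @($hits | ForEach-Object { $_.ToString() })
            }
        }
    }
}

# Get-MsolUser -DomainName also returns users that only carry the domain as a
# proxy address; only UPNs in the domain need the rename below.
$upns = @(Get-MsolUser -All -DomainName $OldDomain |
          Where-Object { $_.UserPrincipalName -like $pattern } |
          Select-Object -ExpandProperty UserPrincipalName)

$report |
    Select-Object Type, Identity, Primary, @{ n='OldAddresses'; e={ $_.Old -join ';' } } |
    Format-Table -AutoSize
"UPNs still in ${OldDomain}: $($upns.Count)"

# --- 2. Cleanup -----------------------------------------------------------------
foreach ($r in $report) {
    # The primary SMTP address (upper-case 'SMTP:' prefix) cannot be removed while it
    # is primary, so it is replaced first. -WindowsEmailAddress changes the primary
    # address for recipients that are not governed by an email address policy, which
    # is the normal case for cloud-only objects; check EmailAddressPolicyEnabled if
    # the primary does not change.
    if ($r.Primary -like $pattern) {
        $newPrimary = $r.Primary.Split('@')[0] + "@$NewDomain"
        & $r.Set -Identity $r.Identity -WindowsEmailAddress $newPrimary -WhatIf:$DryRun
    }
    # The old primary survives the swap as a secondary alias and is removed together
    # with the others. Bare addresses are treated as SMTP by the Remove syntax, so
    # the smtp: prefix is stripped; other types (sip:, etc.) keep their prefix.
    $remove = @($r.Old | ForEach-Object { $_ -replace '^smtp:', '' })
    & $r.Set -Identity $r.Identity -EmailAddresses @{ Remove = $remove } -WhatIf:$DryRun
}

# A UPN in the old domain blocks domain removal just like a proxy address does.
# Set-MsolUserPrincipalName has no -WhatIf, so the dry run is emulated.
foreach ($upn in $upns) {
    $newUpn = $upn.Split('@')[0] + "@$NewDomain"
    if ($DryRun) { "What if: Set-MsolUserPrincipalName $upn -> $newUpn" }
    else { Set-MsolUserPrincipalName -UserPrincipalName $upn -NewUserPrincipalName $newUpn }
}
```

Run it once with $DryRun left at $true and review the table and the What-if lines before flipping the switch; renaming a UPN changes the user's sign-in name, so the affected users need to be told, and for a federated domain the rename has to be coordinated with the on-premises directory rather than done from the cloud side.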

Azure Active Directory Updates, and they are awesome

First of all, let's summarize what just happened

  • Azure Active Directory Application Proxy just went into General Availability
  • Azure Active Directory Premium is now available for all Office 365 customers, either direct or through MOSP (Microsoft Online Subscription Program)
  • Azure Active Directory received four enhancements.
    • Administrative Units – Public Preview
    • New SSO capabilities for SaaS apps – Public Preview
    • Password writeback enters General Availability
    • Security questions for Self-Service Password Reset – Public Preview

Read the official blog post here
http://blogs.technet.com/b/ad/archive/2014/12/11/wrapping-up-the-year-with-a-boat-load-of-azure-ad-news.aspx

Azure Active Directory Application Proxy (AADAP)

Recently I blogged about this topic, read more here. Basically, what AADAP does is create a proxy application in the cloud that lets you reach an internal on-premises application in a secure manner: the on-premises connector only makes outbound connections to the service, so no inbound ports have to be opened on the firewall. This is a great tool if we don't have a publishing platform on-premises today.

Azure Active Directory Premium in Direct/MOSP for Office 365

We now have Azure AD Premium available for direct online purchase, using a credit card, in the Office 365 admin portal (you do not need to be an existing Office 365 customer to buy). This opens a new world of features for the SMB market!

Azure Active Directory – Administrative Units

We can now delegate administrative access in Azure AD. In this release it's only available through PowerShell. The concept is that we can, for instance, keep Global Admins as before, but we can now also have Regional Admins. Within their region they can manage users, devices, applications and policies, and nothing outside it.
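The PowerShell flow for setting this up, as an added example that is not part of the original post: create an administrative unit, put the regional users into it, and grant a directory role scoped to that unit only. It assumes Connect-MsolService has been run as a Global Admin; the unit name and the two UPNs are placeholders.

```powershell
# Added example (not from the original post). Assumes Connect-MsolService has been
# run by a Global Admin. The unit name, the member UPN and the delegated admin's
# UPN are placeholders.
Import-Module MSOnline

$auName   = 'West Region'
$userUpn  = 'alice@contoso.com'     # a user who belongs to the region
$adminUpn = 'bob@contoso.com'       # the person who becomes regional admin

# 1. Create the administrative unit, or reuse it if it already exists.
$au = Get-MsolAdministrativeUnit | Where-Object { $_.DisplayName -eq $auName }
if (-not $au) {
    $au = New-MsolAdministrativeUnit -DisplayName $auName `
                                     -Description 'Users managed by the West Region helpdesk'
}

# 2. Put the users that are to be delegated into the unit.
$user = Get-MsolUser -UserPrincipalName $userUpn
Add-MsolAdministrativeUnitMember -AdministrativeUnitObjectId $au.ObjectId `
                                 -AdministrativeUnitMemberObjectId $user.ObjectId

# 3. Grant a directory role scoped to the unit. The role member gets the role's
#    rights over members of this unit only, not over the whole tenant.
$role  = Get-MsolRole -RoleName 'User Account Administrator'
$admin = Get-MsolUser -UserPrincipalName $adminUpn
Add-MsolScopedRoleMember -RoleObjectId $role.ObjectId `
                         -AdministrativeUnitObjectId $au.ObjectId `
                         -RoleMemberObjectId $admin.ObjectId

# 4. Verify who is in the unit and who holds which scoped role in it. Review this
#    regularly; a scoped role is still a privileged assignment, and a regional
#    admin who can reset passwords for the unit's users can effectively take over
#    those accounts.
Get-MsolAdministrativeUnitMember -AdministrativeUnitObjectId $au.ObjectId
Get-MsolScopedRoleMember -RoleObjectId $role.ObjectId -AdministrativeUnitObjectId $au.ObjectId
```

The scoped assignment is what makes this least-privilege: the regional admin holds the role only inside the unit, so a user object that is not a member stays out of reach even though the role itself is tenant-wide when assigned the normal way.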

Azure Active Directory – Custom addition of SaaS applications

If we search for a SaaS application and it isn't in the gallery, we can add it as an unlisted (custom) app and then configure SSO for it as we like.

Azure Active Directory – Password writeback enters GA

This isn't something new, but it has now been released into GA, which means we can use it in production with confidence. Note that this feature requires Azure AD Premium.

Azure Active Directory Password Reset – Security Questions

We now have the possibility to add security questions as one of the authentication methods users can use when they need to reset their password. The value of this is that the user doesn't need their phone or alternative email address available when resetting. Keep in mind that answers to security questions are easier to guess or look up than possession of a phone, so it is worth configuring the reset policy to require a second method alongside them.