Finishing up at #ExpertsLive Europe

After 3 days at Experts Live in Berlin, my speaker duties are finished. This conference was pretty new to me and I would like to share my experiences. I have delivered 4 contributions to this great conference, 2 sessions where I have been talking about Microsoft Intune, Azure AD, Conditional Access and Windows 10 Modern IT and 2 discussion panel session talking about much of the same stuff ūüôā

Continue reading

Windows 10 Azure AD Join build 1607

This is going to be a short blogpost on the updated experience on what it looks like for a user doing a out of the box Azure AD Join in the Anniversary Edition of Windows 10. There is a few and cool new things giving the user a much better experience.

One thing to notice is that Convenience Pin is disabled by default for Domain Joined or Azure AD Joined machines. Read on to learn how this affects the users.

Continue reading

Azure MFA for Enrollment in Intune and Azure AD Device registration explained

I have been working with setup of MFA required for enrollement in Intune abit lately and have discovered a couple of things that is not really explained well in the Intune console/documentation.

Enrollment of devices in Intune will in most cases also trigger a device registration in Azure AD. This registration in Azure AD can easily be connected to a MFA requirement by just configure your Azure AD to require MFA for device registration. But this does not apply to all scenarios, so in this blogpost I am going to go into each plattform and explain what happens during enrollment and how the MFA is triggered. I will also cover different options for enrollment of Windows 10 Mobile.  Continue reading

Single Sign-On to on-premises resources from Azure AD joined when Onprem

Azure AD Join was introduced in Windows 10 and allows a Windows 10 device to register with Azure Active Directory (Azure AD) and allows Azure AD users to sign-in to the device using their work credentials or more commonly know as their O365 credentials.

Users on these devices will enjoy Single Sign-On (SSO) to Office 365 or other SaaS applications.

The really cool part is that if this user is working within the corporate network the user can enjoy SSO to on-premises Integrated Windows Authentication based resources as well, provided the organization has enabled this functionality. Continue reading