Azure AD B2B Collaboration

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration capabilities enable any organization using Azure AD to work safely and securely with users from any other organization, small or large. Those organizations can be with or without Azure AD, and don’t even need to have an IT department.

In this video, we’re going to invite an external user to Contoso Bank using Azure AD B2B Collaboration.

I’m also going to show you how to add such an invited, external user to the Global Address List of your organization.

Azure AD Password Protection (preview)

Azure AD Password Protection has recently become available in Public Preview. This feature consists of several components, intended to eliminate weak, easily guessed passwords in your organization.

The core of it is the Global Banned Password list. This dynamic list is maintained by Microsoft and contains passwords that are too common or have been observed in attacks. The list itself is not published, but you can safely assume that passwords like Welcome01 and Password123 are on it.

New in the Public Preview is the option to add a custom banned password list for your own organization. This lets you ban your company name, brand names, product names and the like as passwords. Note that matching is not a simple string compare: the candidate password is first normalized (lower-cased, with common substitutions such as 0 for o, 1 for l, $ for s and @ for a undone) and then compared against both lists with fuzzy matching, so variants like C0nt0so are caught as well.

Password Protection is also available for hybrid scenarios, extending this Azure AD capability to your on-premises Active Directory: a DC agent on each domain controller enforces the policy, and a proxy service forwards the policy downloads from Azure AD, so the domain controllers themselves need no internet access.
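To make the evaluation steps concrete, here is a simplified re-implementation of the algorithm Microsoft documents for Password Protection: normalization, fuzzy matching with an edit distance of one, and the five-point score (one point per banned token found, one point per remaining character, accepted at five points or more). It is an added example written for this page, not Microsoft's code. The global banned list in it is a constructed stand-in, since the real one is not published, and treating the user's first and last name as extra banned tokens is my approximation of the documented name check. The two Contoso candidates are the worked examples from the documentation:

```python
"""Simplified re-implementation of the documented Azure AD Password Protection
evaluation steps. Added illustration, not Microsoft's code: normalization,
edit-distance-1 matching against the banned lists, user-name handling and the
5-point score follow the public documentation; the global list below is a
constructed stand-in, since the real list is not published."""
from typing import Iterable, List, Sequence, Tuple

# Character substitutions undone during normalization (documented set).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})

# Constructed sample of the global banned list (the real list is not public).
GLOBAL_BANNED = ["password", "welcome", "qwerty", "letmein"]


def normalize(password: str) -> str:
    """Lower-case the password and undo the common leetspeak substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short, so no optimisation needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_banned_tokens(normalized: str, banned: Sequence[str]) -> List[Tuple[int, int, str]]:
    """Greedy left-to-right scan for substrings within edit distance 1 of a
    banned token. Returns (start, end, token) spans; an exact hit wins over a
    fuzzy one, and a shorter window wins over a longer one."""
    spans: List[Tuple[int, int, str]] = []
    i, n = 0, len(normalized)
    while i < n:
        best = None  # (distance, window_length, token)
        for token in banned:
            for length in (len(token) - 1, len(token), len(token) + 1):
                if length < 1 or i + length > n:
                    continue
                dist = edit_distance(normalized[i:i + length], token)
                if dist <= 1 and (best is None or (dist, length) < best[:2]):
                    best = (dist, length, token)
        if best is None:
            i += 1
        else:
            spans.append((i, i + best[1], best[2]))
            i += best[1]
    return spans


def evaluate(password: str, custom_banned: Iterable[str] = (),
             user_names: Iterable[str] = ()) -> Tuple[bool, int, List[str]]:
    """Score a candidate the way the documentation describes: one point per
    banned token found, one point per remaining character, accepted at 5 or
    more. User names are treated as extra banned tokens (an assumption that
    approximates the documented name check). Tokens shorter than four
    characters are ignored, mirroring the minimum length for custom entries."""
    normalized = normalize(password)
    tokens = [normalize(t) for t in (*GLOBAL_BANNED, *custom_banned, *user_names) if len(t) >= 4]
    spans = find_banned_tokens(normalized, tokens)
    covered = sum(end - start for start, end, _ in spans)
    score = len(spans) + (len(normalized) - covered)
    return score >= 5, score, [token for _, _, token in spans]


if __name__ == "__main__":
    org_list = ["Contoso", "Blank"]  # custom banned list for the tenant
    for candidate in ("C0ntoso1!", "ContoS0Bl@nkf9!", "Passw0rd"):
        accepted, score, hits = evaluate(candidate, custom_banned=org_list)
        verdict = "accepted" if accepted else "rejected"
        print(f"{candidate:18} score={score} banned={hits} -> {verdict}")
```

Running it shows why a company-name entry alone is not a strength guarantee: "C0ntoso1!" normalizes to "contosol!" and scores only 3 (one token plus two leftover characters), while "ContoS0Bl@nkf9!" still reaches 5 because the three characters after the two banned tokens each count for a point.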

In this video, you will find out how to configure Password Protection and you will see the user experience. I’m also showing you how to install and configure Password Protection for your on-prem AD.

Find out more in this blog post by Alex Simons and of course on Microsoft Docs.

Control Cloud Apps with Microsoft Cloud App Security

Moving to the cloud increases flexibility for employees and reduces IT cost, but it also introduces new challenges and complexities for keeping your organization secure. To be able to get the full benefit of cloud applications, an IT team must find the right balance of supporting access while maintaining control, to protect critical data.

This video shows how you can combine Azure AD, Microsoft Cloud App Security and Azure Information Protection to protect your sensitive data. I’m showing how you can enrich a SaaS application like Box with the capabilities of the Microsoft cloud platform, so that sensitive files copied to Box are automatically classified and protected (encrypted).

Azure Information Protection Scanner

Azure Information Protection is a great solution to classify, label and protect all files you create. But what to do with the files you already have on your on-premises file share or SharePoint environment?

The AIP Scanner offers you the possibility to scan those files and match the file contents with your AIP policies. AIP Scanner can run in reporting mode or in enforce mode – the latter being used to actually apply labels and protection to those files.

In this video, you will see how to install, configure and use the AIP Scanner.

Want to implement the scanner in your environment? Check this doc on how to deploy it.

Azure AD for non-Microsoft applications

I often hear the misconception that Azure AD is only meant for use with Microsoft products like Office 365 or Azure. And of course Azure AD works great with the Microsoft portfolio, but it is also very easy to use Azure AD to give your users seamless access to non-Microsoft applications.

There are actually already thousands of applications pre-configured for you, which makes it really easy to add them for your users. One of those applications is Salesforce, which I am going to add to Azure AD in today’s video using SAML SSO.

Also want to integrate Salesforce with Azure AD? You can find the tutorial here!

How to use Azure AD Application Proxy

A lot of organizations have moved to Office 365 and started using Azure AD. However, many of these organizations still have on-premises applications which are tied to the on-premises Active Directory. An often overlooked option is the Azure AD Application Proxy. In this video I explain how you can use the Azure AD Application Proxy to easily make your on-prem application available in Azure AD and start using advanced capabilities like SSO and MFA, without changing a line of application code. And in most cases even firewall changes are unnecessary, because the connector only makes outbound connections to Azure; no inbound ports need to be opened.

Also want to give secure remote access to your on-premises apps? Learn more:

Intune: set compliance by location of the device

Intune now offers the possibility to set the compliance state of an Android device based on the network (IP range) the device connects from. If the device moves outside the defined IP range it becomes non-compliant, and a Conditional Access policy that requires a compliant device will then block it from corporate resources.

Have a look at my video that shows how to create such a compliance policy and what it will look like for the end user.

More information and all other updates can be found here:

Using Azure AD B2C

Today I’m showing you the B2C capabilities of Azure Active Directory. Azure AD B2C is a great solution to give your customers a very easy way to sign up and sign in to your applications, using the social identities they already have, such as Google or Facebook.

B2C offers support for all platforms and open standards, like OpenID Connect and SAML, and can be fully branded for your organization.

As Azure AD B2C is a cloud service, it can easily scale to hundreds of millions of users.

New Sign-in Experience Azure AD, Office 365

In the next couple of days, the sign-in experience for Microsoft’s online services, such as Office 365 and Azure, is going to change. The change is not as big as the one about a year ago; this time it is only a visual change.

Check out my video showcasing the existing UI compared to the new UI.

Want to learn more or try yourself? Find out more in this article.

Block legacy authentication without ADFS, using Conditional Access

One of the biggest advantages of Azure AD is the Conditional Access framework. Conditional Access allows very granular access control to your applications: based on the conditions you define in a policy, certain controls are enforced before access is allowed. The catch is that Conditional Access is based on Modern Authentication. The CA policies you create do not apply to users that use legacy authentication, for example Outlook 2010 or protocols like POP3, IMAP and SMTP AUTH. This matters because legacy authentication cannot prompt for MFA: a leaked or sprayed password works against a legacy protocol even when MFA is enforced everywhere else.

Since last week it is possible to block legacy authentication in Conditional Access (in preview). This means you can now create your Conditional Access policy and block legacy authentication at the same time, all from one place and without the use of ADFS.

For many organizations this is great news, because it removes another possible reason to keep ADFS, after we already introduced pass-through authentication last year.
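Before enforcing such a block, you want to know who still signs in with legacy protocols, because the policy will break them (and you want to see whether anyone is already probing those endpoints). The script below is an added example, not part of the original post: it triages constructed sign-in log entries (field names follow the Microsoft Graph signIn resource: userPrincipalName, clientAppUsed, appDisplayName, ipAddress, status.errorCode) and builds the policy body in the Graph conditionalAccessPolicy schema, which post-dates the preview portal UI described above. The all-zero GUID used for the break-glass exclusion is a placeholder, and starting in report-only mode is a recommendation of mine, not a requirement:

```python
"""Added example (not from the original post): find legacy-authentication
usage in Azure AD sign-in entries before blocking it, then build the
Conditional Access policy body in the Microsoft Graph conditionalAccessPolicy
schema. The sign-in entries are constructed sample data."""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Mapping, Tuple

# Microsoft's documentation treats any clientAppUsed other than these two
# as legacy authentication (IMAP4, POP3, SMTP, ActiveSync, "Other clients", ...).
MODERN_CLIENT_APPS = {"browser", "mobile apps and desktop clients"}

# Constructed sample sign-ins (not real tenant data).
SAMPLE_SIGN_INS = [
    {"userPrincipalName": "alice@contoso.com", "clientAppUsed": "Browser",
     "appDisplayName": "Office 365 SharePoint Online", "ipAddress": "203.0.113.10",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.com", "clientAppUsed": "Mobile Apps and Desktop clients",
     "appDisplayName": "Microsoft Teams", "ipAddress": "203.0.113.10",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.com", "clientAppUsed": "IMAP4",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.7",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.com", "clientAppUsed": "Exchange ActiveSync",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.7",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "scanner@contoso.com", "clientAppUsed": "Authenticated SMTP",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "10.0.0.25",
     "status": {"errorCode": 0}},
    # Failed legacy sign-in with a wrong password: the trace a password spray leaves.
    {"userPrincipalName": "carol@contoso.com", "clientAppUsed": "Other clients",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "192.0.2.200",
     "status": {"errorCode": 50126}},
]


def is_legacy(entry: Mapping) -> bool:
    """True when the sign-in used anything other than a modern client type."""
    return str(entry.get("clientAppUsed", "")).strip().lower() not in MODERN_CLIENT_APPS


def legacy_auth_report(sign_ins: Iterable[Mapping]) -> Tuple[Dict[str, Counter], Counter]:
    """Split legacy sign-ins into successful use (what a block policy would
    break, keyed by user -> client app counts) and failures (keyed by user),
    which hint at attackers probing the legacy endpoints."""
    successes: Dict[str, Counter] = defaultdict(Counter)
    failures: Counter = Counter()
    for entry in sign_ins:
        if not is_legacy(entry):
            continue
        upn = entry["userPrincipalName"]
        if entry.get("status", {}).get("errorCode", 0) == 0:
            successes[upn][entry["clientAppUsed"]] += 1
        else:
            failures[upn] += 1
    return dict(successes), failures


def affected_accounts(sign_ins: Iterable[Mapping]) -> List[str]:
    """Accounts that successfully use legacy auth today and must be migrated
    (or excluded temporarily) before the block policy is enforced."""
    successes, _ = legacy_auth_report(sign_ins)
    return sorted(successes)


def build_block_legacy_auth_policy(excluded_user_ids: Iterable[str],
                                   report_only: bool = True) -> dict:
    """Policy body for POST /identity/conditionalAccess/policies. The
    clientAppTypes values exchangeActiveSync and other are the two legacy
    client types; report-only first is a recommendation, not a requirement."""
    return {
        "displayName": "Block legacy authentication",
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(excluded_user_ids)},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    successes, failures = legacy_auth_report(SAMPLE_SIGN_INS)
    for upn, apps in successes.items():
        print(f"{upn}: {dict(apps)}")
    print("failed legacy attempts:", dict(failures))
    # Placeholder object id of a break-glass account, excluded from the block.
    print(build_block_legacy_auth_policy(["00000000-0000-0000-0000-000000000000"]))
```

On the sample data the report flags bob (IMAP4 and ActiveSync) and the scanner account (Authenticated SMTP) as the accounts that will break, and carol's failed "Other clients" attempt as something to look at rather than something to migrate; only once those are handled does the policy go from report-only to enabled.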

Check out my video to find out how (easy) this works in real life.