Microsoft Azure Active Directory Authentication Library (ADAL) for iOS, Android and OSX are General Availability

Great news from the Active Directory product group – The Active Directory Authentication Library (ADAL) for iOS, OSX and Android have reached General Availability!

Go to and read and learn more about those very important libraries.

How to Sign In to an Azure Subscription with your Office 365 Identity

In case you would like to use your new Azure subscription with your corporate identity already synchronized to your Office 365 tenant, for example to let users to create Azure Virtual Machines or Web Sites, you should read the following article:

General information about the Azure subscription and Azure Active Directory (AAD) can be found here:


What are the Object Limits in Azure Active Directory and DirSync or Azure Active Directory Sync?

There are currently some object limits in Azure Active Directory (AAD) and DirSync or AAD Sync you should be aware of:

  •  AAD has a default object limit of 50,000 objects (users, mail-enabled contacts, and groups) by default. You can deploy DirSync/AAD Sync with Microsoft SQL Server Express.
  • When the first verified domain is added, this object limit is automatically increased to 300,000 objects (each tenant is only granted one increase). You must deploy directory synchronization with a full instance of SQL Server.
  • Group objects with more than 15,000 immediate members are filtered and therefore not synchronized to AAD.

Azure Active Directory (AAD) Sync Beta 2

Available since yesterday, the 2nd beta of the new AAD Sync that is aimed to replace DirSync.

What’s new in Beta 2?

The following features have been added:

  • Select only required services/attributes to synchronize to AAD
  • Exchange hybrid deployments
  • Password write-back for multiple-forests (AAD Premium preview feature)

Where can I find more information about AAD Sync?

Here on TechNet:

Download URL:

Use a Corporate Email Domain for a Microsoft Account and Organizational ID in Azure Active Directory

As you may know, you can register a Microsoft account with your corporate email domain (e.g. instead of using one of the known domains (,, etc.).

Now, let’s imagine you use this Microsoft account with Azure. Therefore, you will have an Azure AD tenant that is called something like (generated based on the email address A few month later, Contoso decides to subscribe to Office 365 or Azure, and registers as public (validated) email domain. Furthermore, local identities are synchronized with DirSync/AAD Sync from the on-prem Windows Server AD to Azure AD.

So, what happens to the Microsoft account that is registered with the corporate email domain? Can this account still be used? The short answer is: Yes!

In case I want to sign in to the Office 365 or Azure portal and therefore enter my email address, Azure AD ask me to select which identity I want to use – either the consumer Microsoft account or the synchronized organizational ID (also called OrgId). So yes, it is possible to have two different identities (user entities) in Azure AD with the same email address.

Active Directory Authentication Library (ADAL) v2 RC

The Active Directory Authentication Library (ADAL), which is used to simplify the authentication against Azure Active Directory and on-prem Active Directory Federation Services for modern apps, is now available as v2 Release Candidate!

You can read more about what’s new in v2 on Vittorio’s blog:

4 Things you Need to Know about Windows Intune and Windows Phone 8.x

Here are four important things you need to know when using Windows Intune as mobile device management (MDM) platform for Windows Phone 8 and 8.1:

  • To enroll Windows Phone 8.x devices in Windows Intune, you have to upload a signed company portal app.
  • If you have a paid Windows Intune tenant, you cannot upload the sample already signed company portal app, which is included in the Support Tool for Windows Intune Trial Management of Window Phone (
  • If you have a paid Windows Intune tenant, only the code signing certificate from Symantec can be used to sign the company portal app (or any other app you would like to deploy on Windows Phone 8.x devices).
  • Deploying a policy to a Windows Phone 8.x device and get the status properly reported back in the Windows Intune administration portal may take some time. It’s not a real time experience today.

How to Start with Windows Intune

I’m currently playing with Windows Intune, as part of the new Microsoft Enterprise Mobility Suite, or short EMS (more about EMS here).

Now, starting with Windows Intune can be a little bit hairy, depending on which kind of device/client you want to integrate. The goal of my first blog post about Windows Intune/EMS is to share with you some helpful links (at least I found them very helpful during my ramp-up):

A Swiss blog about Microsoft's Security & Identity and Access Management solutions for Private and Public Clouds