Great news from the Active Directory product group – The Active Directory Authentication Library (ADAL) for iOS, OSX and Android has reached General Availability!
Go to http://blogs.technet.com/b/ad/archive/2014/07/21/azure-active-directory-sdk-s-for-ios-android-and-osx.aspx and read and learn more about those very important libraries.
Just Zarb shows how you can set up an Android virtual machine, based on the Android x86 project, to test the Windows Intune capabilities on this platform. Very easy and straightforward…
In case you would like to use your new Azure subscription with your corporate identity already synchronized to your Office 365 tenant, for example to let users create Azure Virtual Machines or Web Sites, you should read the following article:
General information about the Azure subscription and Azure Active Directory (AAD) can be found here:
There are currently some object limits in Azure Active Directory (AAD) and DirSync or AAD Sync you should be aware of:
- AAD has a default object limit of 50,000 objects (users, mail-enabled contacts, and groups). You can deploy DirSync/AAD Sync with Microsoft SQL Server Express.
- When the first verified domain is added, this object limit is automatically increased to 300,000 objects (each tenant is only granted one increase). You must deploy directory synchronization with a full instance of SQL Server.
- Group objects with more than 15,000 immediate members are filtered and therefore not synchronized to AAD.
Available since yesterday: the 2nd beta of the new AAD Sync, which is intended to replace DirSync.
What’s new in Beta 2?
The following features have been added:
- Select only required services/attributes to synchronize to AAD
- Exchange hybrid deployments
- Password write-back for multiple forests (AAD Premium preview feature)
Where can I find more information about AAD Sync?
Here on TechNet: http://social.technet.microsoft.com/wiki/contents/articles/tags/AADSync/default.aspx
Download URL: https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=53831
As you may know, you can register a Microsoft account with your corporate email domain (e.g. contoso.com) instead of using one of the known domains (hotmail.com, outlook.com, etc.).
Now, let’s imagine you use this Microsoft account with Azure. Therefore, you will have an Azure AD tenant that is called something like dominikzempcontoso.onmicrosoft.com (generated based on the email address firstname.lastname@example.org). A few months later, Contoso decides to subscribe to Office 365 or Azure, and registers contoso.com as a public (validated) email domain. Furthermore, local identities are synchronized with DirSync/AAD Sync from the on-prem Windows Server AD to Azure AD.
So, what happens to the Microsoft account that is registered with the corporate email domain? Can this account still be used? The short answer is: Yes!
When I want to sign in to the Office 365 or Azure portal and therefore enter my email address, Azure AD asks me to select which identity I want to use – either the consumer Microsoft account or the synchronized organizational ID (also called OrgId). So yes, it is possible to have two different identities (user entities) in Azure AD with the same email address.
The Active Directory Authentication Library (ADAL), which is used to simplify authentication against Azure Active Directory and on-prem Active Directory Federation Services for modern apps, is now available as a v2 Release Candidate!
You can read more about what’s new in v2 on Vittorio’s blog: http://www.integrationtrench.com/2014/07/neatly-formatting-hashtable-in-verbose.html
Here are four important things you need to know when using Windows Intune as a mobile device management (MDM) platform for Windows Phone 8 and 8.1:
- To enroll Windows Phone 8.x devices in Windows Intune, you have to upload a signed company portal app.
- If you have a paid Windows Intune tenant, you cannot upload the already-signed sample company portal app, which is included in the Support Tool for Windows Intune Trial Management of Window Phone (http://www.microsoft.com/en-us/download/confirmation.aspx?id=39079).
- If you have a paid Windows Intune tenant, only the code signing certificate from Symantec can be used to sign the company portal app (or any other app you would like to deploy on Windows Phone 8.x devices).
- Deploying a policy to a Windows Phone 8.x device and getting the status properly reported back in the Windows Intune administration portal may take some time. It’s not a real-time experience today.
I’m currently playing with Windows Intune, as part of the new Microsoft Enterprise Mobility Suite, or EMS for short (more about EMS here).
Now, starting with Windows Intune can be a little bit hairy, depending on which kind of device/client you want to integrate. The goal of my first blog post about Windows Intune/EMS is to share with you some helpful links (at least I found them very helpful during my ramp-up):