Azure Files SMB Access with Windows AD allows you to access file shares in Azure with NTFS access control. By default, that access won’t extend to an on-prem network over VPN or Express Route. This video shows how to extend access to an Azure Files share with Windows AD to an on-premises network using Private Endpoints.Continue reading “Azure Files SMB Access On-premises with Private Endpoints”
Azure Files allows you to access file shares in Azure, but until recently use was restricted to RBAC permission. Azure Files SMB Access for Azure AD Domain Services is generally available and support for Windows AD is now in public preview. This video goes over how to enable Azure Files for SMB access secured with your on-premises Windows AD Directory Services.Continue reading “Azure Files SMB Access with Windows AD”
One unfortunate aspect of working with Windows Virtual Desktop is the inability to assign users to an Application Group based on group management. Microsoft has heard this complaint and an upcoming version of WVD portal management will include App Group access based on group membership. Until that is available, I created a script that should help.Continue reading “Update an WVD Application Group Based on a Windows AD Security Group”
Microsoft has a couple of options available for identity and authentication services including Active Directory Domain Services, Azure Active Directory, and Azure Active Directory Domain Services. This can lead to confusion, especially considering three of the options have “Active Directory” in the name. It also leads to the question “do we still need domain controllers?” This post reviews these three different options, outlining the functionality and comparing how they work together in Microsoft and Azure.Continue reading “Active Directory Domain Service, Azure Active Directory and Azure Active Directory Domain Service Explained”
It has been about two weeks since the Azure Windows Virtual Desktop preview was announced. I have had several people ask about a specific issue when adding Windows Virtual Desktops to a domain during the provisioning process. The error is related to adding the new hosts to the Active Directory Domain and the message looks like below, indicating the “VM has reported a failure when processing extension ‘joindomain’’Continue reading “VM has reported a failure when processing extension ‘joindomain’”
I had the pleasure of spending a significant amount of time elbows deep in a Remote Desktop Services deployment this week. As part of the effort, I published the RDS RDWeb IIS page with the Azure AD Application Proxy so MFA can be leveraged for remote desktop services.
For all the technical challenges I’ve ran into, nothing is more frustrating than trying to understand Microsoft Licensing. I put together an infogram as an attempt to explain Microsoft licensing and the relationship between the O365, EMS and the new Microsoft 365 license bundle. Supporting links are below as well as a video I put together to explain how each product relates to the other. This is meant to be informational only, please seek assistance from a Microsoft licensing professional before making any purchasing decisions. Continue reading “Microsoft 365 E3 and E5 Bundels”
I am at the beginning of implementing Azure AD Premium in an environment and got hung up on the simple task of configuring Named Location for Conditional Access. Now, this was a minor nuisance at best, but thought I would outline what happened as the Microsoft documentation is a bit misleading.
As a background for those of you unfamiliar, Named Location is a feature of Azure AD Premium that lets you define know locations in your AD tenant. This is used for with Identity Protection and login risk assessments. It can also be part of Conditional Access. For example, don’t force MFA when a user logs in from a Named Location. More information can be found here: