Slide 1
Modern authentication for the
Office 365 administrator
Vasil Michev
Slide 2
Modern authentication for the Office 365 administrator | Vasil Michev | 22 June 2017 14:45 – 16:00
Follow us: #O365ENGAGE17
About me
Vasil Michev
vasil@michev.info
https://www.linkedin.com/in/michev/
www.michev.info/blog
MS Cloud strategist @ QUADROtech
Office Servers and Services MVP
Slide 3
The need for Modern authentication
• Cloud – access from anywhere
• BYOD – access on any device
• Consumerization of IT – proper UI
• Access to lots of 3rd party apps
• Interoperability with 3rd party ID providers (IDaaS)
• ‘Traditional’ demands for security with 2FAs
• Microsoft’s answer – Azure AD and Modern auth/apps
Slide 4
The journey so far - 2010 (federated ID)
Slide 6
The journey so far - 2013
Slide 7
The journey so far - Office & ADAL
Slide 8
What is Modern Authentication
• Set of standards-based, open-source APIs
• OAuth 2.0 (authorization)
• OpenID Connect (authentication)
• OrgID => EvoSTS (transparent to end users)
• Client side uses ADAL (with MSAL now in preview)
• MSOIDCRL => ADAL (OAuth based auth stack)
• Cross-platform support
• Support for 3rd party (STSes + directories + 2FAs +…)
• Enables Conditional access, PTA, B2B, B2C, …
Slide 9
Why Modern Authentication?
• Unified experience across apps
• No more basic auth for Outlook!
• Unified experience across devices
• Support for user consent
• Support for 3rd party STSes
• Support for access and refresh tokens
• Support for 2FA solutions across apps
• No more app passwords!
Slide 10
How to enable Modern auth (and disable legacy)
• Exchange Online:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
• SharePoint Online: enabled by default
• Skype for Business Online:
Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
• Office software requirements (March 2015 and later for 2013 MSI)
• Disable legacy auth:
• For SPO: Set-SPOTenant -LegacyAuthProtocolsEnabled $false
• For all others: Use AD FS claims rules where possible
• Disable App passwords!
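The three settings above as one audit-and-fix script. This is an added example, not from the deck; it assumes you are already connected to Exchange Online remote PowerShell, the Skype for Business Online connector and SharePoint Online (Connect-SPOService) with the required admin roles, and it only reports unless -Enforce is passed.

```powershell
# Audit Modern auth / legacy auth state across ExO, SfBO and SPO; fix it with -Enforce.
param(
    [switch]$Enforce   # report only by default; apply the corrected settings when set
)

$findings = @()

# Exchange Online: OAuth2ClientProfileEnabled must be $true before ADAL clients can use OAuth.
$exo = Get-OrganizationConfig
if (-not $exo.OAuth2ClientProfileEnabled) {
    $findings += 'ExO: Modern auth is disabled (OAuth2ClientProfileEnabled = $false)'
    if ($Enforce) { Set-OrganizationConfig -OAuth2ClientProfileEnabled $true }
}

# Skype for Business Online: ADAL auth has to be explicitly allowed (default is NoOverride).
$sfb = Get-CsOAuthConfiguration
if ($sfb.ClientAdalAuthOverride -ne 'Allowed') {
    $findings += "SfBO: ClientAdalAuthOverride is '$($sfb.ClientAdalAuthOverride)', expected 'Allowed'"
    if ($Enforce) { Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed }
}

# SharePoint Online: Modern auth is on by default, but legacy protocols keep working
# until LegacyAuthProtocolsEnabled is turned off, so MFA/Conditional Access can be sidestepped.
$spo = Get-SPOTenant
if ($spo.LegacyAuthProtocolsEnabled) {
    $findings += 'SPO: legacy auth protocols are still enabled'
    if ($Enforce) { Set-SPOTenant -LegacyAuthProtocolsEnabled $false }
}

if ($findings.Count -eq 0) {
    'Modern auth is enabled for ExO and SfBO, and SPO legacy auth is off.'
} else {
    $findings
    if (-not $Enforce) { 'Re-run with -Enforce to apply the corrected settings.' }
}
```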
Slide 11
Modern Auth and on-premises infrastructure
• Exchange server: under development
• Skype for Business server: supported*, requires AD FS
https://technet.microsoft.com/en-us/library/mt710548.aspx
• SharePoint server: not supported***
• Can be a problem for organizations that rely on AD FS claims rules
• All traffic is now on the passive endpoint (/adfs/ls)
• The X-MS-Forwarded-Client-IP* and X-MS-Client-Application claims no longer added
• x-ms-client-user-agent can still be used (can be spoofed!)
• But you can force MFA as all traffic is Passive
• Conditional access in Azure AD is viable workaround, but requires Azure AD Premium
• Seamless SSO still requires smart links or similar
Slide 12
Client experience
• Unified experience across Office apps
• No more basic auth for Outlook!
• No more app passwords!
• Token persists across (Office) apps! (not across devices)
• Does not configure profiles automatically (but will reuse token)!
• Same experience in other ADAL-enabled apps
• Same experience across apps on different devices
• Same experience with other 2FA methods
• Known issues: SfB/EWS interop; multiple users/tenants…
Slide 13
Current list of ADAL enabled apps
Client | Windows | Mac OS X | Windows Phone | iOS | Android
Office clients | Office 2013*/Office 2016 | Office 2016 for Mac | Supported | Supported | Supported
Skype for Business | Supported | Supported | Supported* | Supported* | Supported*
Outlook | Office 2013*/Office 2016 | Outlook 2016 for Mac | Supported | Supported | Supported
ODfB | Office 2013*/Office 2016 | | | |
ODfB NGSC | Supported | Supported | Supported | Supported | Supported
Legacy clients | No support for Office 2007/2010 | No support for Office 2011 for Mac | No support for Windows Mobile 7 | No support for OWA for mobile | No support for OWA for mobile
Groups/Teams, Planner/Yammer | N/A | N/A | Supported | Supported | Supported
Office 365 Admin app | N/A | N/A | Supported | Supported | Supported
RMS sharing app/AIP client | Supported | Supported | Supported | Supported | Supported
Slide 14
Unified experience across apps (Outlook)
Slide 15
Unified experience across devices (WP)
Modern authentication flow
Slide 19
Support for access and refresh tokens
• IDCRL was caching credentials instead
• EvoSTS tokens different than OrgID ones
• Token lifetimes
• Access token: 1 hour (short-lived)
• Refresh token: default 14 days, up to 90 days with use
• Lifetime configuration is consistent across services/applications
• Having a token means you bypass any 2FA!
• Changing network location does not invalidate tokens!
• What can invalidate a token?
• Conditional Access Policies
• Password change events (reset, admin reset)
• Admin control
• OIDC adds the ID token (gives info about the user)
Slide 20
Access/refresh token exchange
Note there is no AD FS box!
Slide 21
Token revocation and lifetime control
At GA:
Preset token lifetimes
• Access token: 1 hour
• Refresh token: 90 days
Access tokens cannot be revoked
Refresh tokens revoked via:
• Password reset for cloud users
• Conditional access
At present:
Configurable token lifetimes
• Access token: 10 mins to 1 day
• Refresh token: 10 mins to 90 days*
Access tokens cannot be revoked
Refresh tokens revoked via:
• PowerShell (Revoke-AzureADUserAllRefreshToken)
• Conditional access
• For synced users: pwdLastSet attribute
• For federated users: password changes; account disabled or deleted; downgrade of device state (Compliant => Managed => Registered)
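The "at present" controls from this slide in script form: an organization-wide token lifetime policy plus refresh token revocation for one user. This is an added example, not from the deck; it assumes the AzureADPreview module (where configurable token lifetimes lived in 2017) is loaded and Connect-AzureAD has been run as a Global Admin, and the lifetime values are illustrative choices inside the ranges the slide gives.

```powershell
# Shorten token lifetimes tenant-wide and revoke one user's refresh tokens.
param(
    [string]$PolicyName = 'Org default - shorter tokens',
    [string]$UserToRevoke            # UPN of a user whose sessions must end now (optional)
)

# Policy definition: JSON in a single-element array, the shape New-AzureADPolicy expects.
# AccessTokenLifetime  - access tokens cannot be revoked, so a short lifetime bounds the
#                        window in which a revoked/stolen session keeps working (10 min .. 1 day).
# MaxInactiveTime      - refresh token expires after this idle period (10 min .. 90 days).
# MaxAgeMultiFactor    - hard cap on how long an MFA-backed refresh token can be renewed.
$definition = @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00","MaxInactiveTime":"14.00:00:00","MaxAgeMultiFactor":"90.00:00:00"}}')

$existing = Get-AzureADPolicy |
    Where-Object { $_.Type -eq 'TokenLifetimePolicy' -and $_.IsOrganizationDefault }

if ($existing) {
    Set-AzureADPolicy -Id $existing.Id -Definition $definition
    "Updated organization default token lifetime policy $($existing.Id)"
} else {
    $new = New-AzureADPolicy -Definition $definition -DisplayName $PolicyName `
                             -IsOrganizationDefault $true -Type 'TokenLifetimePolicy'
    "Created organization default token lifetime policy $($new.Id)"
}

# Revocation: every refresh token (and browser session cookie) of the user is invalidated, so
# each client must re-authenticate, and re-satisfy MFA/Conditional Access, as soon as its
# current access token expires. Until then the access token is still accepted.
if ($UserToRevoke) {
    $user = Get-AzureADUser -ObjectId $UserToRevoke
    Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
    "Refresh tokens revoked for $($user.UserPrincipalName); outstanding access tokens stay valid for up to AccessTokenLifetime"
}
```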
Slide 22
PowerShell modules with ADAL support
• Azure AD (and Preview)
• WAAD (MSOnline)
• Exchange Online
• Skype for Business Online
• SharePoint Online
• SharePoint PnP
• AADRM (Azure Information Protection)
Slide 23
PowerShell modules with ADAL support
Module | MFA status | Pass credentials | Pass token | Bypass MFA on trusted location
Azure AD | Supported | Supported | Supported | Supported
Exchange Online (legacy) | Not supported | N/A | N/A | Not supported
Exchange Online (MFA module) | Supported | Not supported | Not supported* | Supported
Security and Compliance Center | Not supported | N/A | N/A | Not supported
SharePoint Online | Supported | Supported*** | Not supported | Not supported
SharePoint Online PnP | Supported | Supported*** | Not supported | Supported
Skype for Business Online | Supported | Supported*** | Not supported* | Supported
AIP/AADRM | Supported | Supported | Supported | Supported
Azure | Supported | Supported | Supported | Supported
* workarounds exist
Slide 24
ExO PowerShell and MFA Demo
• It’s still a Remote PS session
• Same configuration and Language mode
• Different Connection URI!
• But same old Basic auth
• Or is it?
Demo screenshot annotations:
Still a remote PowerShell session
Still NoLanguage Mode
This is new?
This is not
And this is an access token!
Slide 25
SfBO PowerShell Demo
• UserName parameter is mandatory
• Does not automatically import the session
• Different method – “oauth” as username
• Token not cached (no entry in the PS TokenCache)
• Token validity 8h
• Cannot renew token
• Passing credentials object bypasses MFA
• but doesn’t solve any of the above…
Slide 26
Automate MFA PowerShell connectivity
• Configure Trusted IPs for bypass
• Combine it with passing creds for modules like Azure AD
• Get the token programmatically and pass it
• Not all modules support this
• Exposed ADAL methods do not return refresh tokens
• PowerShell sessions do not share the same token (cache)
• Even if you get refresh token, no methods to get new access one
• Auto-load the ExO Module
• Different implementation for different modules
• Session still breaks as often, and some sessions don’t even renew…
Slide 27
What about EWS?
• EWS always uses legacy authentication
• For federated users, it goes on the active endpoint
• If the user has 2FA, request fails
• If the user is enforced for Azure MFA, app password flow kicks in!
• Request never reaches the on-prem AD FS
• Authenticate to ExO EWS via Oauth
• Register Azure AD application
• Grant OAuth permissions
• Acquire token and connect
• Respects Impersonation permissions in ExO
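One ADAL token acquisition helper serving both of the previous two slides: the token is obtained once and then passed to Connect-AzureAD (the "get the token programmatically and pass it" approach for automating MFA-enabled PowerShell) and to the EWS Managed API over OAuth. This is an added example, not from the deck. It assumes the AzureAD module is installed (its folder ships the ADAL assembly), the EWS Managed API 2.2 is installed at the default path, $EwsAppId is your own Azure AD native app registration granted the delegated "Access mailboxes as the signed-in user via Exchange Web Services" permission, and that 1b730954-1685-4b74-9bfd-dac224a7b894 is the well-known public client ID of the Azure AD PowerShell module.

```powershell
# Acquire tokens with ADAL and pass them to Azure AD PowerShell and to EWS.
param(
    [Parameter(Mandatory)] [string]$TenantId,            # e.g. contoso.onmicrosoft.com
    [Parameter(Mandatory)] [string]$UserPrincipalName,   # admin account to sign in as (MFA prompt is interactive)
    [Parameter(Mandatory)] [string]$EwsAppId,            # your own Azure AD app registration for EWS
    [Parameter(Mandatory)] [string]$Mailbox              # mailbox to open through impersonation
)

# Load ADAL from the AzureAD module folder so the same assembly version is used throughout.
$adalPath = Join-Path (Get-Module AzureAD -ListAvailable | Select-Object -First 1).ModuleBase `
                      'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
Add-Type -Path $adalPath
$ns = 'Microsoft.IdentityModel.Clients.ActiveDirectory'

function Get-AdalAccessToken {
    # Interactive, MFA-capable ADAL flow. Returns the AuthenticationResult (AccessToken, ExpiresOn).
    # The refresh token stays inside ADAL's in-memory cache and is never handed back to the
    # script, which is the limitation the "Automate MFA PowerShell connectivity" slide describes.
    param([string]$Resource, [string]$ClientId, [string]$RedirectUri, [string]$LoginHint)
    $ctx = New-Object -TypeName "$ns.AuthenticationContext" `
                      -ArgumentList "https://login.microsoftonline.com/$TenantId"
    # PromptBehavior::Auto reuses a cached, still-valid token and prompts only when needed.
    $platform = New-Object -TypeName "$ns.PlatformParameters" `
                           -ArgumentList ([Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto)
    $userId = New-Object -TypeName "$ns.UserIdentifier" `
                         -ArgumentList $LoginHint, ([Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifierType]::RequiredDisplayableId)
    # .Result blocks on the async call (fine for a script).
    $ctx.AcquireTokenAsync($Resource, $ClientId, [Uri]$RedirectUri, $platform, $userId).Result
}

# 1) Azure AD PowerShell: token for the Azure AD Graph resource, issued to the module's own client id.
$aad = Get-AdalAccessToken -Resource 'https://graph.windows.net' `
                           -ClientId '1b730954-1685-4b74-9bfd-dac224a7b894' `
                           -RedirectUri 'urn:ietf:wg:oauth:2.0:oob' -LoginHint $UserPrincipalName
"Azure AD access token expires (UTC): $($aad.ExpiresOn.UtcDateTime)"
Connect-AzureAD -AadAccessToken $aad.AccessToken -AccountId $UserPrincipalName -TenantId $TenantId

# 2) EWS over OAuth: a separate token for the Exchange Online resource, issued to your app registration.
$ews = Get-AdalAccessToken -Resource 'https://outlook.office365.com' `
                           -ClientId $EwsAppId -RedirectUri 'urn:ietf:wg:oauth:2.0:oob' `
                           -LoginHint $UserPrincipalName
Add-Type -Path 'C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll'  # assumed install path
$svc = New-Object -TypeName Microsoft.Exchange.WebServices.Data.ExchangeService `
                  -ArgumentList ([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2013_SP1)
$svc.Url = 'https://outlook.office365.com/EWS/Exchange.asmx'
# Bearer token instead of Basic credentials: no password leaves the script, and MFA was honoured.
$svc.Credentials = New-Object -TypeName Microsoft.Exchange.WebServices.Data.OAuthCredentials `
                              -ArgumentList $ews.AccessToken
# Impersonation is still gated by the ApplicationImpersonation role in ExO, as the deck notes.
$svc.ImpersonatedUserId = New-Object -TypeName Microsoft.Exchange.WebServices.Data.ImpersonatedUserId `
    -ArgumentList ([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress), $Mailbox
$inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($svc,
    [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox)
"Inbox of ${Mailbox}: $($inbox.TotalCount) items, $($inbox.UnreadCount) unread"
```

Each PowerShell process gets its own ADAL cache, so a scheduled task cannot reuse the token acquired interactively here; the trusted-IP bypass or a credentials object remains the only unattended option for modules that accept them.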
Slide 28
Troubleshoot Modern Authentication issues
• Always use the latest updates
• Lots of Modern auth issues for Office resolved since GA!
• MSO.dll, ADAL.dll (responsible for blank windows!)
• AD FS updates too! (or 3rd party STS)
• For Outlook, make sure MAPI/HTTP is enabled
• Clear cached tokens/cookies
• Enable Forms auth and "/adfs/services/trust/13/windowstransport" endpoint
• Update AD FS claims rules!
• Check for prompt=login behavior
• Tools: OffCAT/SaRA, Icesdptool, AD FS configuration, ExRCA
• Enable logging on the client, check for MSO events
• More tips in this session
Slide 29
Tokens and cookies
• Office apps
• Access token stored in registry: HKEY_CURRENT_USER\Software\Microsoft\Office\XX\Common\Identity\Identities\<GUID>_ADAL
• Refresh token stored in Credential Store: MicrosoftOffice16_Data:ADAL:<GUID>
• Clear browser cache/cookies
• Skype for Business: credential store, %localappdata%\Microsoft\Office\16.0\Lync
• OneDrive for Business: credential store
• PowerShell: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WSMAN\Client\ConnectionCookies
• Teams: credential store
Slide 30
Support for 2FA solutions
• Office 2013 did not support proper 2FA
• No more app passwords
• Proper 2FA support in Outlook
• Token persists across (Office) apps
• ADAL is agnostic to the 2FA method used!
• Cares only about token
• Azure MFA for managed IDs
• Azure MFA server for federated IDs
• Or any other supported 2FA on-prem
• List of solutions:
2FA provider | Offering
Gemalto | Gemalto Identity & Security Services
inWebo Technologies | inWebo Enterprise Authentication service
Login People | Login People MFA API connector for AD FS 2012 R2
Microsoft Corp. | Microsoft Azure MFA and Azure MFA server
RSA | RSA SecurID Authentication Agent for AD FS
SafeNet, Inc. | SafeNet Authentication Service (SAS) Agent for AD FS
Swisscom | Mobile ID Authentication Service and Signature Services
Symantec | Symantec Validation and ID Protection Service (VIP)
Multiple companies | Certificate based auth
Slide 31
Azure MFA
• Free with Office 365
• Easy to configure and manage
• Easy to integrate with SaaS apps in Azure
• Can be integrated with on-prem LOB apps through Azure AD app proxy
• NPS extension for Azure MFA
• Reporting, One-time bypass, Suspend, custom caller ID and greeting, trusted IPs, Fraud alert
• Before ADAL, relied heavily on app passwords
Leverage Azure Multi-Factor Authentication with Azure AD
Slide 34
Azure MFA server
• Admin control (fill in/prevent changing phones, limit number of devices, fallback via backup phone or questions)
• More methods: 2-way SMS, Oath token
• Force/block a method
• Integration with AD FS
• Granular control via Claims rules/Auth policies
• Integration with on-prem apps, VPN, RDS/RDG, IIS
• (Optional) Web SDK, Mobile SDK, User portal
• MFA for users not in the cloud (+LDAP integration)
Azure MFA server whitepaper
Slide 35
Azure MFA server
Slide 36
AD FS + Azure MFA server
Slide 37
AD FS + Azure MFA server
• Control where MFA challenge is performed
• Do MFA in the cloud:
Set-MsolDomainFederationSettings -DomainName -SupportsMFA $false
• Do MFA on-premises:
Set-MsolDomainFederationSettings -DomainName -SupportsMFA $true
• Make sure AD FS issues or passes claim
http://schemas.microsoft.com/claims/authnmethodsreferences
• Otherwise a login loop will be caused
AAD will add wauth=http%3a%2f%2fschemas.microsoft.com%2fclaims%2fmultipleauthn
• Bypass MFA DEMO
• Force double-MFA DEMO
• MFA for external users
• For B2B (can also require double-MFA)
• For B2C
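The two sides of the on-premises MFA setup from this slide in one script: the AD FS pass-through rule for the authnmethodsreferences claim (without it Azure AD cannot see that MFA already happened and the wauth=multipleauthn request loops), followed by the SupportsMFA switch on the federated domain. This is an added example, not from the deck; it assumes it runs on an AD FS server with the ADFS and MSOnline modules, that the relying party trust carries the default display name, and that $DomainName is your federated domain.

```powershell
# Ensure AD FS passes authnmethodsreferences to Azure AD, then make Azure AD defer MFA on-prem.
param(
    [Parameter(Mandatory)] [string]$DomainName,
    [string]$RelyingParty = 'Microsoft Office 365 Identity Platform'   # default RPT display name
)

$amrType = 'http://schemas.microsoft.com/claims/authnmethodsreferences'

# Claim rule language: pass every authnmethodsreferences claim through unchanged.
$passThroughRule = @"
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through authnmethodsreferences"
c:[Type == "$amrType"]
 => issue(claim = c);
"@

$rpt = Get-AdfsRelyingPartyTrust -Name $RelyingParty
if (-not $rpt) { throw "Relying party trust '$RelyingParty' not found on this AD FS farm" }

if ($rpt.IssuanceTransformRules -match [regex]::Escape($amrType)) {
    'authnmethodsreferences is already issued or passed through; AD FS rules left unchanged.'
} else {
    # Append to the existing rule set instead of replacing it, so the Office 365 rules survive.
    $rules = $rpt.IssuanceTransformRules + "`r`n" + $passThroughRule
    Set-AdfsRelyingPartyTrust -TargetName $RelyingParty -IssuanceTransformRules $rules
    'Added pass-through rule for authnmethodsreferences.'
}

# Azure AD side. -SupportsMFA $true: Azure AD sends the MFA requirement (wauth=multipleauthn)
# to AD FS, which must satisfy it via the MFA server and return the claim above.
# -SupportsMFA $false: Azure AD performs MFA itself in the cloud instead.
Connect-MsolService
Set-MsolDomainFederationSettings -DomainName $DomainName -SupportsMFA $true
Get-MsolDomainFederationSettings -DomainName $DomainName |
    Select-Object FederationBrandName, SupportsMFA
```

Test with a user who has MFA enforced both on-premises and in the cloud: a single prompt means the claim is flowing; a second prompt or a loop means AD FS is not returning it.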
Slide 38
AD FS with Azure MFA as Primary auth
• Azure MFA as additional auth provider in AD FS
• Can be used as primary and/or secondary auth
• Does not require on-prem Azure MFA server install
• Steps to configure are here
• Sign-in with verification code from mobile app (Azure authenticator)
• Passwordless login!
• Call or SMS not supported
• User needs to have registered with Azure MFA first
• No inline provisioning supported currently
• Does not bypass 2FA when used as primary
Slide 39
Certificate based auth for Azure AD
• Azure AD doesn’t natively support CBA
• Federation enables CBA as primary or secondary factor
• ADAL enables “non-browser” applications to support it
• EAS-based bypass now supported
• Token revocation is an issue
• Configure Azure AD trusted certificate authority
• Make sure issuer and serialnumber claims are included in the token
• Make sure CRL is accessible externally
• Prompt=login behavior and service-side bypass
• Remember CBA can be used as 2FA!
• Bypasses 2FA requirements
Slide 40
AD FS in Windows Server 2016
• Still some advantages over PTA
• Seamless SSO support across protocols (‘prompt’, ‘login_hint’ & ‘domain_hint’)
• Conditional access, now with simplified syntax (Claims rules => Access control policies)
• New/improved options for Passwordless login
• Azure MFA as primary
• CBA as primary
• Device auth as primary
• Windows Hello as primary (Hybrid only)
• Configurable token lifetime based on device or KMSI
• Better handling of token revocation
• Support for OAuth 2.0 (including OBO flow), OIDC 2.0, generic LDAP v3
• Improved per-RPT theming/customization
Slide 41
Features dependent on MA
• Conditional access
• Demos if enough time left
• Tenant restrictions
• Demo if enough time left
• PTA/SSO
• MAPI/HTTP
• Better 2FA support
• Better end-user experience
• Better control over session lifetimes and revocation
Slide 42
Summary
• Modern auth session at Ignite: https://channel9.msdn.com/Events/Ignite/2015/BRK3136
• MA session slides: https://doc.co/zoZumr
• AD FS/Azure AD/Azure MFA Whitepapers: https://www.microsoft.com/en-us/download/details.aspx?id=36391
• Troubleshooting MFA session
Slide 43
Questions? | Thank You!
• Vasil Michev
• vasil@michev.info
We’d like to know what you think! Please fill out the evaluation form you received at the registration desk for this session.
Session recordings and materials: materials will be available on Office365Engage.com soon.

 
O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
O365Con19 - Lets Get Started with Azure Container Instances - Jussi RoineO365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
 
O365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineO365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi Roine
 
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna LinsO365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
 
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna LinsO365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
 
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
 
O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
O365Con19 - Sharing Code Efficiently in your Organisation - Elio StruyfO365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
 
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
 
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de JagerO365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
 
O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
O365Con19 - Kaizala a Dive Into the Unknown - Rick van RousseltO365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
 
O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
O365Con19 - How to Inspire Users to Unstick from Email - Luise FreeseO365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
 
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenO365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

O365Engage17 - Modern authentication for the office 365 administrator

Slide 9: Why Modern Authentication?
• Unified experience across apps
• No more basic auth for Outlook!
• Unified experience across devices
• Support for user consent
• Support for 3rd party STSes
• Support for access and refresh tokens
• Support for 2FA solutions across apps
• No more app passwords!
Slide 10: How to enable Modern auth (and disable legacy)
• Exchange Online: Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
• SharePoint Online: enabled by default
• Skype for Business Online: Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
• Office software requirements: March 2015 update or later for Office 2013 MSI
• Note that enabling modern auth does not switch basic auth off; clients that cannot do ADAL keep using legacy auth until you block it
• Disable legacy auth:
  • For SPO: Set-SPOTenant -LegacyAuthProtocolsEnabled $false
  • For all others: use AD FS claims rules where possible
• Disable app passwords!
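The three tenant-side switches above, as an added PowerShell example (this is not code from the deck). It reports the current value of each setting and, with -Enable, sets the recommended value; it assumes you are already connected with an admin account to Exchange Online remote PowerShell, Skype for Business Online (New-CsOnlineSession) and SharePoint Online (Connect-SPOService). Supports -WhatIf.

```powershell
# Added example, not from the slides: audit and optionally enable the modern
# auth switches for Exchange Online, Skype for Business Online and SharePoint
# Online. Assumes the three service connections already exist in this session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Enable   # without -Enable the script only reports current state
)

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Service, $Setting, $Current, $Desired) {
    $script:findings.Add([pscustomobject]@{
        Service   = $Service
        Setting   = $Setting
        Current   = $Current
        Desired   = $Desired
        Compliant = ($Current -eq $Desired)
    })
}

# Exchange Online: OAuth2ClientProfileEnabled lets ADAL clients use OAuth.
# It does not block basic auth; legacy clients keep working until blocked elsewhere.
$exo = Get-OrganizationConfig
Add-Finding 'Exchange Online' 'OAuth2ClientProfileEnabled' $exo.OAuth2ClientProfileEnabled $true
if ($Enable -and -not $exo.OAuth2ClientProfileEnabled -and
    $PSCmdlet.ShouldProcess('Exchange Online', 'Set OAuth2ClientProfileEnabled = $true')) {
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
}

# Skype for Business Online: ADAL clients are admitted only when the override is Allowed.
$cs = Get-CsOAuthConfiguration
Add-Finding 'Skype for Business Online' 'ClientAdalAuthOverride' ([string]$cs.ClientAdalAuthOverride) 'Allowed'
if ($Enable -and ([string]$cs.ClientAdalAuthOverride) -ne 'Allowed' -and
    $PSCmdlet.ShouldProcess('Skype for Business Online', 'Set ClientAdalAuthOverride = Allowed')) {
    Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
}

# SharePoint Online: modern auth is on by default; the legacy protocols are what to turn off.
$spo = Get-SPOTenant
Add-Finding 'SharePoint Online' 'LegacyAuthProtocolsEnabled' $spo.LegacyAuthProtocolsEnabled $false
if ($Enable -and $spo.LegacyAuthProtocolsEnabled -and
    $PSCmdlet.ShouldProcess('SharePoint Online', 'Set LegacyAuthProtocolsEnabled = $false')) {
    Set-SPOTenant -LegacyAuthProtocolsEnabled $false
}

$findings | Format-Table -AutoSize
```

Run it once without -Enable to get the compliance table, then with -Enable -WhatIf to see what would change. App passwords are not covered: they are turned off in the MFA service settings, not with these cmdlets.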
Slide 11: Modern Auth and on-premises infrastructure
• Exchange Server: under development
• Skype for Business Server: supported*, requires AD FS (https://technet.microsoft.com/en-us/library/mt710548.aspx)
• SharePoint Server: not supported***
• Can be a problem for organizations that rely on AD FS claims rules:
  • All traffic is now on the passive endpoint (/adfs/ls)
  • The X-MS-Forwarded-Client-IP* and X-MS-Client-Application claims are no longer added
  • x-ms-client-user-agent can still be used (but it can be spoofed!)
  • But you can force MFA, as all traffic is passive
• Conditional access in Azure AD is a viable workaround, but requires Azure AD Premium
• Seamless SSO still requires smart links or similar
Slide 12: Client experience
• Unified experience across Office apps
• No more basic auth for Outlook!
• No more app passwords!
• Token persists across (Office) apps, but not across devices
• Does not configure profiles automatically (but will reuse the token)
• Same experience in other ADAL-enabled apps
• Same experience across apps on different devices
• Same experience with other 2FA methods
• Known issues: SfB/EWS interop; multiple users/tenants
Slide 13: Current list of ADAL enabled apps
(columns: Windows | Mac OS X | Windows Phone | iOS | Android)
• Office clients: Office 2013*/Office 2016 | Office 2016 for Mac | Supported | Supported | Supported
• Skype for Business: Supported | Supported | Supported* | Supported* | Supported*
• Outlook: Office 2013*/Office 2016 | Outlook 2016 for Mac | Supported | Supported | Supported
• ODfB: ODfB NGSC (Office 2013*/Office 2016) | Supported | Supported | Supported | Supported
• Legacy clients: no support for Office 2007/2010 | no support for Office 2011 for Mac | no support for Windows Mobile 7 | no support for OWA for mobile (iOS and Android)
• Groups/Teams, Planner/Yammer: N/A | N/A | Supported | Supported | Supported
• Office 365 Admin app: N/A | N/A | Supported | Supported | Supported
• RMS sharing app/AIP client: Supported | Supported | Supported | Supported | Supported
Slide 14: Unified experience across apps (Outlook) [screenshot]
Slide 15: Unified experience across devices (WP) [screenshot]
Slide 19: Support for access and refresh tokens
• IDCRL was caching credentials instead
• EvoSTS tokens are different from OrgID ones
• Token lifetimes:
  • Access token: 1 hour (short-lived)
  • Refresh token: default 14 days, up to 90 days with continued use
• Lifetime configuration is consistent across services/applications
• Having a token means you bypass any 2FA! The token is the proof of authentication, so whoever holds a valid refresh token can keep obtaining access tokens without a new MFA challenge until the refresh token expires or is revoked
• Changing network location does not invalidate tokens!
• What can invalidate a token?
  • Conditional Access policies
  • Password change events (user reset, admin reset)
  • Admin control
• OIDC adds the ID token (gives info about the user)
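What "having a token" actually means is easiest to see by reading the claims inside one. The following is an added PowerShell example, not material from the deck: it decodes the payload of an Azure AD access token (a JWT), reports its lifetime and remaining validity, and checks whether the amr claim records an MFA step. The token is constructed inline with a dummy signature so the script runs offline; the user, tenant id and app id in it are placeholders. The script reads claims only, it does not validate the signature.

```powershell
# Added example, not from the slides: inspect the claims of an Azure AD access
# token. Sample token below is constructed (unsigned) for offline use.
function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtClaims([string]$Token) {
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected header.payload.signature' }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Get-AccessTokenReport([string]$Token) {
    $c   = Get-JwtClaims $Token
    $iat = [DateTimeOffset]::FromUnixTimeSeconds([long]$c.iat).UtcDateTime
    $exp = [DateTimeOffset]::FromUnixTimeSeconds([long]$c.exp).UtcDateTime
    [pscustomobject]@{
        User        = $c.upn
        Audience    = $c.aud            # the resource this token is accepted by
        AppId       = $c.appid          # the client application that obtained it
        IssuedAt    = $iat
        ExpiresAt   = $exp
        Lifetime    = $exp - $iat       # 1 hour with the default policy
        MinutesLeft = [math]::Round(($exp - [DateTime]::UtcNow).TotalMinutes, 1)
        Methods     = ($c.amr -join ',')
        MfaInToken  = [bool]($c.amr -contains 'mfa')   # MFA happened at sign-in, not per request
    }
}

# Constructed sample: a token issued now for Exchange Online after password + MFA.
$now     = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
$header  = ConvertTo-Base64Url '{"typ":"JWT","alg":"RS256"}'
$payload = ConvertTo-Base64Url (@{
    aud   = 'https://outlook.office365.com'
    iss   = 'https://sts.windows.net/<tenant-id>/'   # placeholder tenant
    iat   = $now
    nbf   = $now
    exp   = $now + 3600
    upn   = 'user@contoso.com'                        # placeholder user
    appid = '<client-app-id>'                         # placeholder application id
    amr   = @('pwd', 'mfa')
} | ConvertTo-Json -Compress)
$sampleToken = "$header.$payload.dummysignature"

Get-AccessTokenReport $sampleToken | Format-List
```

Point the function at a real token (for instance one captured from an ADAL cache during troubleshooting) and you see the same thing: nothing in the token ties it to a network location, and the MFA evidence is a claim fixed at issue time. Anyone who presents the token before ExpiresAt is treated as that user.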
Slide 20: Access/refresh token exchange [diagram]
Note there is no AD FS box! Refresh tokens are redeemed against Azure AD directly, so the on-premises STS is not contacted again while the refresh token is valid.
Slide 21: Token revocation and lifetime control
At GA:
• Preset token lifetimes: access token 1 hour; refresh token 90 days
• Access tokens cannot be revoked
• Refresh tokens revoked via: password reset for cloud users; conditional access
At present (June 2017):
• Configurable token lifetimes: access token 10 minutes to 1 day; refresh token 10 minutes to 90 days*
• Access tokens cannot be revoked
• Refresh tokens revoked via:
  • PowerShell (Revoke-AzureADUserAllRefreshToken)
  • Conditional access
  • For synced users: the pwdLastSet attribute (an on-premises password change)
  • For federated users: password changes
  • Account disabled or deleted
  • Downgrade of device state (Compliant => Managed => Registered)
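The "at present" revocation path, as an added PowerShell example rather than code from the deck: it revokes a user's refresh tokens with the AzureAD module, optionally disables the account, and reads back the timestamp Azure AD uses to reject older refresh tokens. It assumes Connect-AzureAD has already been run as an admin; the UPN is a placeholder. Supports -WhatIf.

```powershell
# Added example, not from the slides: revoke a user's refresh tokens and verify
# the cut-off. Access tokens already issued cannot be revoked and stay valid
# until they expire (1 hour by default), so plan for that residual window.
function Invoke-UserTokenRevocation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserPrincipalName,
        [switch]$DisableAccount   # also block new sign-ins, not only token refresh
    )

    $user   = Get-AzureADUser -ObjectId $UserPrincipalName
    $before = $user.RefreshTokensValidFromDateTime

    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Revoke all refresh tokens')) {
        # Moves RefreshTokensValidFromDateTime to now: refresh tokens issued
        # earlier are rejected the next time a client tries to renew.
        Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
    }

    if ($DisableAccount -and $PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Disable account')) {
        Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false
    }

    $after = Get-AzureADUser -ObjectId $user.ObjectId
    [pscustomobject]@{
        User                = $after.UserPrincipalName
        AccountEnabled      = $after.AccountEnabled
        TokensValidBefore   = $before
        TokensValidAfter    = $after.RefreshTokensValidFromDateTime
        # worst case with the default access token lifetime of 1 hour
        ResidualAccessUntil = [DateTime]::UtcNow.AddHours(1)
    }
}

# For a synced user the same effect comes from an on-premises password change
# (pwdLastSet is synchronized); for a federated user, from a password change.
Invoke-UserTokenRevocation -UserPrincipalName 'user@contoso.com' -DisableAccount
```

TokensValidAfter should be later than TokensValidBefore; if it is not, the revocation did not take. The same value is visible as StsRefreshTokensValidFrom on Get-MsolUser output.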
Slide 22: PowerShell modules with ADAL support
• Azure AD (and Preview)
• WAAD (MSOnline)
• Exchange Online
• Skype for Business Online
• SharePoint Online
• SharePoint PnP
• AADRM (Azure Information Protection)
Slide 23: PowerShell modules with ADAL support
(columns: MFA status | Pass credentials | Pass token | Bypass MFA on trusted location)
• Azure AD: Supported | Supported | Supported | Supported
• Exchange Online (legacy): Not supported | N/A | N/A | Not supported
• Exchange Online (MFA module): Supported | Not supported | Not supported* | Supported
• Security and Compliance Center: Not supported | N/A | N/A | Not supported
• SharePoint Online: Supported | Supported*** | Not supported | Not supported
• SharePoint Online PnP: Supported | Supported*** | Not supported | Supported
• Skype for Business Online: Supported | Supported*** | Not supported* | Supported
• AIP/AADRM: Supported | Supported | Supported | Supported
• Azure: Supported | Supported | Supported | Supported
* workarounds exist
Slide 24: ExO PowerShell and MFA (demo)
• It's still a Remote PS session
• Same configuration and language mode (NoLanguage)
• Different Connection URI!
• But same old Basic auth? Or is it? The credential sent over Basic auth actually carries an access token
[Demo screenshot callouts: still a remote PowerShell session; still NoLanguage mode; the connection URI is new; the auth header is not; and the password field holds an access token]
Slide 25: SfBO PowerShell (demo)
• UserName parameter is mandatory
• Does not automatically import the session
• Different method: "oauth" as the username
• Token not cached (no entry in the PS TokenCache)
• Token validity 8h
• Cannot renew the token
• Passing a credentials object bypasses MFA, but doesn't solve any of the above
Slide 26: Automate MFA PowerShell connectivity
• Configure Trusted IPs for bypass
  • Combine it with passing creds for modules like Azure AD
• Get the token programmatically and pass it
  • Not all modules support this
  • Exposed ADAL methods do not return refresh tokens
  • PowerShell sessions do not share the same token (cache)
  • Even if you get a refresh token, there are no methods to get a new access one
• Auto-load the ExO module
  • Different implementation for different modules
  • Sessions still break as often, and some sessions don't even renew
Slide 27: What about EWS?
• Out of the box, EWS clients use legacy authentication
  • For federated users, the request goes to the active endpoint
  • If the user has 2FA, the request fails
  • If the user is enforced for Azure MFA, the app password flow kicks in!
  • The request never reaches the on-prem AD FS
• Authenticate to ExO EWS via OAuth instead:
  • Register an Azure AD application
  • Grant it the EWS OAuth permissions
  • Acquire a token and connect with it
  • Impersonation permissions in ExO are still respected
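The OAuth route for EWS, as an added PowerShell example (not code from the deck): ADAL performs an interactive sign-in, so an MFA-enforced user is challenged by Azure AD (or the federated STS) and no app password is involved; the resulting bearer token is handed to the EWS Managed API. It assumes a native Azure AD app registration with the delegated EWS permission (EWS.AccessAsUser.All) consented, the two DLL paths shown, and that the signing-in admin holds the ApplicationImpersonation role for the impersonation step. Tenant, client id and mailbox are placeholders.

```powershell
# Added example, not from the slides: OAuth bearer token for Exchange Online EWS
# obtained through ADAL, then an EWS Managed API call with impersonation.
Add-Type -Path 'C:\libs\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
Add-Type -Path 'C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll'

$tenant      = 'contoso.onmicrosoft.com'      # placeholder
$clientId    = '<application-id>'             # placeholder: the registered native app
$redirectUri = New-Object Uri 'urn:ietf:wg:oauth:2.0:oob'
$resource    = 'https://outlook.office365.com'
$mailbox     = 'user@contoso.com'             # placeholder: mailbox to impersonate

# Interactive ADAL sign-in: MFA is performed by the identity provider; EWS only
# ever sees the access token, never the password.
$authority = "https://login.microsoftonline.com/$tenant"
$ctx    = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext -ArgumentList $authority
$prompt = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters -ArgumentList ([Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto)
$result = $ctx.AcquireTokenAsync($resource, $clientId, $redirectUri, $prompt).GetAwaiter().GetResult()
"Token for $($result.UserInfo.DisplayableId), expires $($result.ExpiresOn.UtcDateTime) UTC"

$ews = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList ([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2013_SP1)
$ews.Url         = New-Object Uri "$resource/EWS/Exchange.asmx"
$ews.Credentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials -ArgumentList $result.AccessToken

# Impersonation is authorized by the ExO RBAC role of the signed-in user, not by the token alone.
$ews.ImpersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId -ArgumentList ([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress), $mailbox
$ews.HttpHeaders.Add('X-AnchorMailbox', $mailbox)

$inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($ews, [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox)
'{0}: {1} items, {2} unread' -f $mailbox, $inbox.TotalCount, $inbox.UnreadCount
```

The access token expires after the configured lifetime (1 hour by default); a long-running job has to call AcquireTokenAsync again, which ADAL serves silently from its cache while the refresh token is valid.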
Slide 28: Troubleshoot Modern Authentication issues
• Always use the latest updates
  • Lots of Modern auth issues for Office resolved since GA!
  • MSO.dll, ADAL.dll (responsible for blank windows!)
  • AD FS updates too! (or 3rd party STS)
• For Outlook, make sure MAPI/HTTP is enabled
• Clear cached tokens/cookies
• Enable Forms auth and the "/adfs/services/trust/13/windowstransport" endpoint
• Update AD FS claims rules!
• Check for prompt=login behavior
• Tools: OffCAT/SaRA, Icesdptool, AD FS configuration, ExRCA
• Enable logging on the client, check for MSO events
• More tips in this session
Slide 29: Tokens and cookies
• Office apps
  • Access token stored in the registry: HKEY_CURRENT_USER\Software\Microsoft\Office\XX\Common\Identity\Identities\<GUID>_ADAL
  • Refresh token stored in the Credential Store: MicrosoftOffice16_Data:ADAL:<GUID>
• Clear browser cache/cookies
• Skype for Business: credential store, %localappdata%\Microsoft\Office\16.0\Lync
• OneDrive for Business: credential store
• PowerShell: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WSMAN\Client\ConnectionCookies
• Teams: credential store
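Clearing the Office token caches named above, as an added PowerShell example (not from the deck). It lists the ADAL identities under the Office 16.0 registry path and the MicrosoftOffice16_Data:ADAL credentials, and with -Clear removes them. Office 16.0 is assumed; cmdkey is used for the credential store, and its /list output is assumed to prefix generic targets with "LegacyGeneric:target=", which is stripped before /delete. Close the Office apps first, otherwise they recreate the entries.

```powershell
# Added example, not from the slides: list and optionally clear the Office 2016
# ADAL access-token (registry) and refresh-token (Credential Manager) caches.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Clear)

$identities = 'HKCU:\Software\Microsoft\Office\16.0\Common\Identity\Identities'

# Access tokens: one <GUID>_ADAL subkey per signed-in identity
$regEntries = @(Get-ChildItem $identities -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '*_ADAL' })

# Refresh tokens: generic credentials named MicrosoftOffice16_Data:ADAL:<GUID>
$credEntries = @(cmdkey /list | Select-String 'MicrosoftOffice16_Data:ADAL' | ForEach-Object {
    ($_.Line -replace '^\s*Target:\s*', '') -replace '^LegacyGeneric:target=', ''
})

"Registry ADAL identities: $($regEntries.Count)"
$regEntries  | ForEach-Object { "  $($_.PSChildName)" }
"Credential Manager ADAL entries: $($credEntries.Count)"
$credEntries | ForEach-Object { "  $_" }

if ($Clear) {
    foreach ($key in $regEntries) {
        if ($PSCmdlet.ShouldProcess($key.PSChildName, 'Remove registry identity (access token)')) {
            Remove-Item -Path $key.PSPath -Recurse -Force
        }
    }
    foreach ($target in $credEntries) {
        if ($PSCmdlet.ShouldProcess($target, 'Remove credential (refresh token)')) {
            cmdkey "/delete:$target" | Out-Null
        }
    }
    # Browser cookies and the WSMAN ConnectionCookies key are separate caches;
    # clear those as well when the problem is OWA or remote PowerShell.
}
```

Run with -Clear -WhatIf first to see exactly which identities would be removed; on a shared machine the list may include other tenants' entries.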
Slide 30: Support for 2FA solutions
• Office 2013 did not support proper 2FA
• No more app passwords
• Proper 2FA support in Outlook
• Token persists across (Office) apps
• ADAL is agnostic to the 2FA method used! It cares only about the token
• Azure MFA for managed IDs
• Azure MFA server for federated IDs
• Or any other supported 2FA on-prem
• List of solutions (2FA provider: offering):
  • Gemalto: Gemalto Identity & Security Services
  • inWebo Technologies: inWebo Enterprise Authentication service
  • Login People: Login People MFA API connector for AD FS 2012 R2
  • Microsoft Corp.: Microsoft Azure MFA and Azure MFA server
  • RSA: RSA SecurID Authentication Agent for AD FS
  • SafeNet, Inc.: SafeNet Authentication Service (SAS) Agent for AD FS
  • Swisscom: Mobile ID Authentication Service and Signature Services
  • Symantec: Symantec Validation and ID Protection Service (VIP)
  • Multiple companies: certificate based auth
Slide 31: Azure MFA
• Free with Office 365
• Easy to configure and manage
• Easy to integrate with SaaS apps in Azure
• Can be integrated with on-prem LOB apps through Azure AD app proxy
• NPS extension for Azure MFA
• Reporting, one-time bypass, suspend, custom caller ID and greeting, trusted IPs, fraud alert
• Before ADAL, relied heavily on app passwords
• Leverage Azure Multi-Factor Authentication with Azure AD
Slide 34: Azure MFA server
• Admin control (fill in/prevent changing phones, limit number of devices, fallback via backup phone or questions)
• More methods: 2-way SMS, OATH token
• Force/block a method
• Integration with AD FS
• Granular control via claims rules/auth policies
• Integration with on-prem apps, VPN, RDS/RDG, IIS
• (Optional) Web SDK, Mobile SDK, User portal
• MFA for users not in the cloud (+LDAP integration)
• Azure MFA server whitepaper
Slide 35: Azure MFA server [diagram]
Slide 36: AD FS + Azure MFA server [diagram]
Slide 37: AD FS + Azure MFA server
• Control where the MFA challenge is performed:
  • Do MFA in the cloud: Set-MsolDomainFederationSettings -DomainName -SupportsMFA $false
  • Do MFA on-premises: Set-MsolDomainFederationSettings -DomainName -SupportsMFA $true
• With SupportsMFA $true, Azure AD adds wauth=http%3a%2f%2fschemas.microsoft.com%2fclaims%2fmultipleauthn to the request; make sure AD FS issues or passes through the http://schemas.microsoft.com/claims/authnmethodsreferences claim, otherwise a login loop is caused
• Bypass MFA (DEMO)
• Force double-MFA (DEMO)
• MFA for external users:
  • For B2B (can also require double-MFA)
  • For B2C
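The two pieces of the on-premises MFA setup above, as an added PowerShell example (not code from the deck): it tells Azure AD that AD FS performs MFA for the federated domain, and appends a pass-through issuance rule for the authnmethodsreferences claim to the Office 365 relying party trust if one is not already there. It assumes Connect-MsolService has been run, that the AD FS cmdlets run on an AD FS server, and that the relying party carries the default name; the domain name is a placeholder.

```powershell
# Added example, not from the slides: route MFA to AD FS and make sure the
# authnmethodsreferences claim reaches Azure AD, avoiding the login loop.
$domain = 'contoso.com'                                 # placeholder federated domain
$rpName = 'Microsoft Office 365 Identity Platform'      # default Office 365 RPT name

# Azure AD now sends wauth=...multipleauthn to AD FS instead of challenging itself.
# Set $false to move the challenge back to Azure MFA in the cloud.
Set-MsolDomainFederationSettings -DomainName $domain -SupportsMFA $true

# Claim rule: pass the authentication methods AD FS used through to Azure AD.
# Without it Azure AD never sees "multipleauthn" and keeps redirecting back.
$passThrough = @'
@RuleName = "Pass through authnmethodsreferences"
c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreferences"]
 => issue(claim = c);
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if ($rp.IssuanceTransformRules -notmatch 'claims/authnmethodsreferences') {
    # Set-AdfsRelyingPartyTrust replaces the whole rule set, so append rather than overwrite.
    $rules = $rp.IssuanceTransformRules + "`r`n" + $passThrough
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules
}

# Show the resulting rule set and the federation setting for verification.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
Get-MsolDomainFederationSettings -DomainName $domain | Select-Object FederationBrandName, SupportsMFA
```

After the change, a federated user's sign-in should complete on the AD FS MFA page with no second challenge from Azure AD; a Get-AdfsRelyingPartyTrust output without the authnmethodsreferences rule combined with SupportsMFA $true is the configuration that loops.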
Slide 38: AD FS with Azure MFA as primary auth
• Azure MFA as an additional auth provider in AD FS
• Can be used as primary and/or secondary auth
• Does not require an on-prem Azure MFA server install
• Steps to configure are here
• Sign in with a verification code from the mobile app (Azure Authenticator)
• Passwordless login!
• Call or SMS not supported
• The user needs to have registered with Azure MFA first
• No inline provisioning supported currently
• Does not bypass 2FA when used as primary
Slide 39: Certificate based auth for Azure AD
• Azure AD doesn't natively support CBA
• Federation enables CBA as primary or secondary factor
• ADAL enables "non-browser" applications to support it
• EAS-based bypass now supported
• Token revocation is an issue
• Configure the Azure AD trusted certificate authority
• Make sure the issuer and serialnumber claims are included in the token
• Make sure the CRL is accessible externally
• Prompt=login behavior and service-side bypass
• Remember that CBA counts as 2FA: a successful certificate logon satisfies the MFA requirement, so certificate issuance and revocation need the same rigor as MFA enrollment
Slide 40: AD FS in Windows Server 2016
• Still some advantages over PTA
• Seamless SSO support across protocols ('prompt', 'login_hint' and 'domain_hint')
• Conditional access, now with simplified syntax (claims rules => access control policies)
• New/improved options for passwordless login:
  • Azure MFA as primary
  • CBA as primary
  • Device auth as primary
  • Windows Hello as primary (Hybrid only)
• Configurable token lifetime based on device or KMSI
• Better handling of token revocation
• Support for OAuth 2.0 (including the OBO flow), OpenID Connect, generic LDAP v3
• Improved per-RPT theming/customization
Slide 41: Features dependent on MA
• Conditional access (demos if enough time left)
• Tenant restrictions (demo if enough time left)
• PTA/SSO
• MAPI/HTTP
• Better 2FA support
• Better end-user experience
• Better control over session lifetimes and revocation
Slide 42: Summary
• Modern auth session at Ignite: https://channel9.msdn.com/Events/Ignite/2015/BRK3136
• MA session slides: https://doc.co/zoZumr
• AD FS/Azure AD/Azure MFA whitepapers: https://www.microsoft.com/en-us/download/details.aspx?id=36391
• Troubleshooting MFA session
Slide 43: Questions? | Thank you!
• Vasil Michev
• vasil@michev.info
Please fill out the evaluation form you received at the registration desk for this session. Session recordings and materials will be available on Office365Engage.com.