Posts Tagged ‘AD FS’

Office 365 – SSL Certificate Maintenance Tasks To Plan For

It should come as no surprise that Office 365, being a secure service, has a number of SSL certificates in play. Some are owned and managed by Microsoft and some, depending on your on-premises components, are certificates that you are responsible for maintaining. Failure to keep track of these certificates could result in an interruption […]

Office 365 – When to Consider a Third-Party Identity Provider

Office 365 offers several different identity options. Well known are the options to use “cloud identities” or directory synchronization from your on-premises Active Directory. For authentication, Microsoft offers the option to use “password hash sync” or Active Directory Federation Services (AD FS) along with your on-premises Active Directory. There is, however, another option when it […]

Office 365 – How to Request a SHA-2 Certificate in AD FS 3.0

Just a quick post today on something that should be more simple than it is… AD FS on Windows Server 2012 R2 (often referred to as “AD FS 3.0”) no longer has a dependency on IIS. One of the common methods used to generate a “Certificate Signing Request” (CSR) is to use IIS on the […]

Office 365 – The Limitations of Alternate Login ID

Back in April of 2014, Microsoft announced a feature called “Alternate Login ID” (sometimes referred to as “Alternative Login ID”). The idea was that instead of changing the UPNs in your on-premises Active Directory, you could use a different value to authenticate to Office 365 and sync that value to the cloud as your login. […]

Office 365 – Using Password Sync as a Backup to AD FS

For organizations that deploy AD FS for single sign-on with Office 365, it is as critical a component as their on-premises Active Directory. While you may have your mailboxes residing in Exchange Online in the cloud, if your on-premises AD FS is not available, users cannot authenticate to access their mailbox. There are a […]

Office 365 – DirSync Password Sync: Did You Know?

Microsoft added the “Password Sync” option to DirSync in June 2013 and in the past year it has become a viable alternative to AD FS due to its fewer on-premises infrastructure dependencies. The differences between Password Sync and AD FS are well documented elsewhere; the article “Choosing a sign-in model for Office 365” is a […]

Office 365 – Replacing the SSL Certificate in AD FS 3.0

The release of Windows Server 2012 R2 brought with it a new version of AD FS (unofficially referred to as AD FS 3.0). This version of AD FS was a deviation from previous versions in that it no longer used IIS and the “AD FS Proxy” was replaced with the “Web Application Proxy” role. In […]

Office 365 – Configuring AD FS & DirSync with an Alternate Login

When deploying AD FS for Office 365, the ideal deployment scenario is to have the userPrincipalName (UPN) value in Active Directory configured to match the user’s email address; at a minimum, your UPN suffix needs to be a publicly routable domain. For many organizations, changing user UPNs is a fairly easily scriptable change with little […]

Office 365 – AD FS Authentication Fails Due To Token Size

As a follow up to last week’s post on an AD FS issue (Office 365 – AD FS Authentication Fails Due To Time Skew), I figured it was a good time to post another AD FS authentication issue I ran across recently. While the word “token” when used with AD FS is generally referencing the […]

Office 365 – AD FS Authentication Fails Due To Time Skew

I’ve run across this issue enough times now that I figured it was worth a short post. It’s a quick reminder to always check the simple things. On several occasions I’ve found AD FS environments where authentication via the internal AD FS servers works but authentication via the AD FS proxy does not. With this […]