How to change the ADFS Farm WID Sync Port

Over the last couple of weeks I was involved in deploying a new Active Directory Federation Services (ADFS) 2016 environment at a customer. This customer had planned to use an ADFS farm of 4 ADFS servers and 4 ADFS proxy nodes. The ADFS servers were using the Windows Internal Database synchronization between the ADFS nodes to sync the configuration. This synchronization sends unencrypted traffic over port 80 to the other ADFS nodes. The information which is sent is only configuration data of the ADFS environment and not usernames and passwords. But still, the information is sent over HTTP to the other ADFS nodes. Since this configuration was not acceptable for the customer, we needed to change the configuration. In this blogpost I want to share what actions we performed to change the ADFS configuration. Since this information is not completely documented at this moment, I tried to share this information.

Configure Trusted Sites in Internet Explorer Through a MDM Deployed GPO

With Windows 10 1703 (Creators Update) we now have the possibility to configure settings through an MDM deployed Group Policy Object. In this blogpost I explained how to configure the App-V client with these new capabilities. Within this blogpost you can also find the basics about deploying a GPO through an MDM solution. Since my preferred MDM solution is Microsoft Intune, my blogposts will only cover the steps needed to configure these settings through Microsoft Intune. In this blogpost I want to cover the scenario to configure the Trusted Sites on a Windows 10 1703 machine through an MDM deployed GPO.

Using AzureAD Conditional Access to block a Native App

Last week I was asked to research a scenario where the customer wants to block the use of a native app and only wants to allow the browser experience from compliant devices. My first answer was that this was difficult to implement. But after looking into AzureAD Conditional Access it was relatively easy to configure. In this series of blogposts I’m using Microsoft Teams as an example. I’m focusing on these scenarios: the first scenario is blocking the Microsoft Teams Native App and only allowing browser access to Microsoft Teams, and the second scenario is only allowing the Microsoft Teams app and blocking the browser access.

App-V 5.1 Note-to-self’s

Last week I installed a fresh new App-V environment. With this short blogpost I want to share 2 configuration ‘note-to-selfs’ which I encountered during the installation and configuration. Both are really obvious configurations, but it took me some time to discover the solution. So, also for my own reference, I want to describe them on my blog.