External authentication providers in AD FS

Quick note that Jen Field, a Program Manager in the AD team, has posted a great set of articles on authentication providers in AD FS in Windows Server 2012 R2, including MFA and how to build your own. There are 3 great articles: Overview of MFA in AD FS in Windows Server 2012 R2 Build…


FIM 2010 R2 update: additional connectors available

Hi all Quick update on FIM connectors for 2010 R2 … Update to Generic LDAP Connector We have published an update to the Generic LDAP Connector adding support for some additional LDAP directories, see http://support.microsoft.com/kb/2936070/ General Availability of PowerShell Connector The PowerShell Connector can be used to communicate with a system through PowerShell scripts. This…


Channel 9 Edge Show – Hybrid Identity

A short chat I had with @simonster on Hybrid Identity earlier this week. This blog is not formatted well for embedded video, so follow the link: https://channel9.msdn.com/Shows/Edge/Edge-Show-94-Hybrid-Identity A.


Workplace Join for Windows 7

Just a quick note about the just-released Workplace Join for Windows 7. You can read all the details here and download from here. Workplace Join for Windows 7 is for domain-joined machines, which means that we support the Professional SKU and above. There is also no UI for Workplace Join on Windows 7,…


Hybrid Identity at TechEd North America, Houston May 12-15

Hi all Now that the TechEd sessions are live, here is a summary of the Hybrid Identity sessions and labs.  Most are in the People-centric IT track where Identity lives, however there are some that have landed in other tracks for various reasons. All of my sessions: Adam Hall  Breakout sessions FDN02 Enabling Enterprise Mobility…


Understanding identity Sync versus Federation when adopting cloud services

Hi all I have a lot of conversations, on a daily basis, about identity … on-premises, in the cloud and hybrid models.  These mostly revolve around the gory details of on-premises identity realms, or customers adopting cloud services such as Office 365 and Windows Intune. One of the first questions I ask is:  “Where are…


How to export the AD FS token-signing certificate with PowerShell

It's not something you need to do very often (for example, you need it when setting up SharePoint for claims-based auth with AD FS), but there is no cmdlet to do this. So here is the PowerShell to export the AD FS token-signing certificate. A.

    # Get the AD FS token-signing certificate(s)
    $certRefs = Get-AdfsCertificate -CertificateType Token-Signing
    # Export the first certificate's public part as DER-encoded bytes (no private key)
    $certBytes = $certRefs[0].Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    # Write the bytes to a .cer file
    [System.IO.File]::WriteAllBytes("c:\foo.cer", $certBytes)


Going to MMS? See you there!

Hey team, so MMS is just a few short sleeps away (9 for me, maybe a few more for you), so it’s that time when I list out the sessions I’m involved in. MMS is always a blast, and this year will be no different!  Here’s my agenda: The Keynote, always the keynote … I’ll…


DirectAccess, Dynamic Access Control and Rights Management

We run a hands-on lab which steps you through the configuration and deployment of DA, DAC and RMS. I have captured a click-through demo of this live environment and recorded a video of it being done. For your viewing pleasure, enjoy. A.


Demo DirectAccess in a virtual environment

I was setting up DirectAccess in a demo lab last week, and struck what is in hindsight an obvious issue, but at the time I sat there thinking … huh? I deployed and configured DirectAccess, completely standard using the wizard, got all green status on the Dashboard and then found that the connection was not…