Using Azure AD Device Code Flow with PowerShell

Azure AD supports OAuth 2.0 Device Flow for Browserless and Input Constraint devices, as described here; Assuming you do not want to, or cannot, use ADAL in PowerShell, you can script this flow entirely in native PowerShell. $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # This is the standard Client Identifier for Windows Azure PowerShell $redirectUrl = [System.Uri]"urn:ietf:wg:oauth:2.0:oob"…

Managing Azure MFA Server with PowerShell

Do you have Azure MFA Server on-premises and want to manage it through PowerShell? Keep reading! If you’re using Azure MFA (completely in the Cloud), this is not for you. Sorry.

Base32 Encoding and Decoding in C#

You might have to do some Base32 Encoding or Decoding in C# (or PowerShell). Here’s a simple .NET implementation in C# you can use! using System; using System.Linq; using System.Text; public static class Base32 { /// <summary> /// The different characters allowed in Base32 encoding. /// </summary> /// <remarks> /// This is a 32-character subset…

OAuth 2.0 Confidential Clients and Active Directory Federation Services on Windows Server 2016

In this blog post, I want to clarify just how you can make your OAuth 2.0 Confidential Client work against Active Directory Federation Services on Windows Server 2016 (AD FS) using different forms of client authentication. Although there is a great article on the Microsoft web on this topic, it doesn’t disclose how you can…

Multiple MFA Prompts connecting to Office 365?

Customers using Active Directory Federation Services (AD FS) to authenticate users accessing Office 365 could be challenged by multiple prompts for Multi-Factor Authentication (MFA). Here is an example of a user trying to access the Office 365 Portal at First, the user gets directed to the Security Token Service (STS) the organization has configured….

Call Azure Resource Manager REST APIs from your .NET Application

Every now and then, you might need to perform actions against the Azure Resource Manager REST APIs from a .NET (daemon) application. A good example could be a probe-like application that needs to change a route in an Azure route table, shut down or start an Azure Virtual Machine, or scale the number of instances up or down. Anyway,…


Using Time-Based One-Time Passwords for Multi-Factor Authentication in AD FS 3.0

I often get the question whether it is possible in AD FS 3.0 to use the Google Authenticator as the second factor for authentication. When we read the documentation for the Google Authenticator, we find that this product is actually based on two RFCs. One of these is RFC 6238, the Time-Based One-Time Password (TOTP) Algorithm. This…


Microsoft Azure: Connecting multiple VNETs to a VNET.

UPDATE: Microsoft has implemented VNET PEERING, which makes this article obsolete. For more information about Azure VNet Peering: Introduction Recently, Microsoft has introduced a new feature in Microsoft Azure to allow a direct VPN connection between multiple Virtual Networks (VNets). In this blog post I will explain how to connect multiple VNets to each…


Pre-Provisioning Microsoft Azure Multi-Factor Authentication for Users

If you enable or enforce Azure Multi-Factor Authentication for your users, you will most likely have seen the wizard that a user goes through in order to properly provision Multi-Factor Authentication for their account. As an administrator, you might want to ease this process for the end user and pre-provision Multi-Factor Authentication in Microsoft Azure Active Directory….


Using Windows Azure Active Directory as an Attribute Store in AD FS

More and more of our customers are unleashing the power of Windows Azure Active Directory. This enterprise-level identity and access management for the cloud is so powerful that, most likely, I'll be creating more articles on this subject. When you add Azure Active Directory as an Identity Provider, or Claims Provider, in Active Directory Federation…