Hello Identity world!

Welcome to this space where I will be sharing scenarios and features related to Active Directory (AD) and Azure Active Directory (Azure AD). I will touch on areas I own or contribute to as part of my Program Management role in the Identity Services Division at Microsoft.

I would love to use this blog as a two-way channel where I can hear from you, customers, partners and the broader community, and in so doing, bring feedback directly to the product as we develop new experiences and features.

I will start with areas related to scenarios customers are asking for, as I hear in my conversations with you, that I see would be beneficial to address in a broad approach. This includes topics around AD in Windows 10, Microsoft Passport for Work (hint: no passwords), Device Conditional Access, among others, for both the hybrid and on-premises-only enterprise.

On a contextual note, I have been with the Active Directory team in both engineering and program management roles since 2005. The following Ignite/TechEd sessions show areas that I have worked on in the past:

AD in Windows 10 @ Ignite 2015: https://channel9.msdn.com/Events/Ignite/2015/BRK3332

Web Application Proxy (AD FS Proxy) @ TechEd North America 2013: https://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B333

Active Directory “tricks-of-the-trade” over a decade @ TechEd North America 2011: https://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/WSV401

One more thing. I have opened a Twitter account to talk about this subject in particular. I’ll post notifications of posts to this blog there. It can also be a great way to start new conversations.

Thank you for reading this far. Let’s start this journey!

Jairo (Twitter: @JairoC_AzureAD)

This entry was posted in AD FS, Azure AD Connect, Azure AD Join, Device Conditional Access, Device Registration, Domain Join, Microsoft Passport for Work, On-premises Active Directory.

4 Responses to Hello Identity world!

  1. Rob says:

    Fantastic blog, I’ve added it to my RSS feeds as I am sure I’ll be referring to it again in the future.


  2. What’s up to everyone, it’s really pleasant for me to pay a visit to this website; it consists of important information.


  3. Mayok says:

    Very insightful article.
    However, I have a situation here, although, a digression.
    I have configured Windows Hello for Business via the Hybrid-joined, Certificate model. However, users cannot sign on with the provisioned PIN; the error message is “The Request is not supported”.
    No errors on ADConnect. There are 2016 DCs in the Farm, and ADFS 2016 is deployed.

    What do you think might be outstanding or wrong?


    • Jairo says:

      Mayok, are these Azure AD joined or hybrid Azure AD joined devices?

      I have seen this error in the past when the KDC certificate is not pushed down to Azure AD joined devices via Intune (or the MDM). Hybrid Azure AD joined devices get this cert automatically (as they are domain joined). Although that is a pretty generic error.

      BTW, have you seen the deployment guide we published November last year: https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-deployment-guide ? With both DCs in 2016 and AD FS 2016 you can deploy either cert- or key-trust deployment models. It seems you deployed cert-trust. Just checking whether that was the guidance you used for it.


