Welcome to this space where I will be sharing scenarios and features related to Active Directory (AD) and Azure Active Directory (Azure AD). I will touch on areas I own or contribute to as part of my Program Management role in the Identity Services Division at Microsoft.
I would love to use this blog as a two-way channel where I can hear from you, customers, partners and the broader community, and in so doing, bring feedback directly to the product as we develop new experiences and features.
I will start with scenarios that customers are asking for, as I hear in my conversations with you, and that I think would be beneficial to address broadly. This includes topics around AD in Windows 10, Microsoft Passport for Work (hint: no passwords), Device Conditional Access, among others, for both the hybrid and the on-premises-only enterprise.
On a contextual note, I have been with the Active Directory team in both engineering and program management roles since 2005. The following Ignite/TechEd sessions show areas that I have worked on in the past:
AD in Windows 10 @ Ignite 2015: https://channel9.msdn.com/Events/Ignite/2015/BRK3332
Web Application Proxy (AD FS Proxy) @ TechEd North America 2013: https://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B333
Active Directory “tricks-of-the-trade” over a decade @ TechEd North America 2011: https://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/WSV401
One more thing. I have opened a Twitter account to talk about this subject in particular. I’ll post notifications of posts to this blog there. It can also be a great way to start new conversations.
Thank you for reading this far. Let’s start this journey!
Jairo (Twitter: @JairoC_AzureAD)
Fantastic blog, I’ve added it to my RSS feeds as I am sure I’ll be referring to it again in the future.
What’s up, everyone? It’s really a pleasure for me to pay a visit to this website; it contains important information.
Very insightful article.
However, I have a situation here, although it is a digression.
I have configured Windows Hello for Business via the Hybrid-joined, Certificate model. However, users cannot sign on with the provisioned PIN; the error message is “The Request is not supported”.
No errors on ADConnect. There are 2016 DCs in the farm, and ADFS 2016 is deployed.
What do you think might be outstanding or wrong?
Mayok, are these Azure AD joined or hybrid Azure AD joined devices?
I have seen this error in the past when the KDC certificate is not pushed down to Azure AD joined devices via Intune (or the MDM). Hybrid Azure AD joined devices get this cert automatically (as they are domain joined). Although that is a pretty generic error.
BTW, have you seen the deployment guide we published in November last year: https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-deployment-guide ? With both DCs in 2016 and AD FS 2016 you can deploy either cert-trust or key-trust deployment models. It seems you deployed cert-trust. Just checking whether that was the guidance you used for it.