How to change the token lifetime for a SAML 2.0 application with Azure Active Directory

Configurable token lifetimes for Azure Active Directory (AAD) have been available for a while now, although the feature is still in public preview. This article provides details of how to create an access token lifetime policy and how to apply it to an application federated with AAD using SAML 2.0. Before we get started with this, we need to ensure…

How to modify the AWS Console timeout with Azure Active Directory SAML

This article describes how to configure Azure Active Directory as the SAML Identity Provider (IdP) to change the default AWS Console timeout from 1 hour to a different value. It seems there has been a lot of discussion about how to change the timeout and there is no clear documentation from AWS how to achieve…

Exchange Online PowerShell Module and Execution Policy

I’ll get to the problem with PowerShell Execution Policy shortly, but first a bit of background… If your AAD/O365 admin accounts are configured for multi-factor authentication (which they should be, because it’s free), you will likely be familiar with the Exchange Online PowerShell Module, which is designed to work with MFA. Getting to the Module…

Blog is 10 years old

I got caught by surprise earlier today when I was looking at some of my older blog posts. It turns out my first entry was on the 10th March 2008. Happy 10th birthday Open a Socket! Thanks to all of you who have supported me over the years with comments, words of encouragement, and for keeping…

How to extract a list of mailboxes from an Exchange mailbox migration batch

Actually, this is more of a question than an answer – although I have an answer of sorts, albeit far from elegant. I’ve been scheduling some batch onboarding mailbox migrations from a hybrid environment with Exchange 2010 to Exchange Online. The batch process is pretty straightforward, but I haven’t found an easy way to dump the…

How to suppress Skype for Business attribute synchronisation in Azure AD Connect

I recently had a challenge with a customer that had on-premises Skype for Business (SfB) and were looking to migrate to SfB Online. They did not want to federate the two infrastructures, but instead wanted to undertake a re-pointing of users at a given point in time by modifying the DNS records. When they introduced…

How to resolve ‘The RPC server is unavailable’ error when enabling Seamless Single Sign-On

I hit this problem while working with Azure AD Connect at a customer earlier this week.  The situation was that AAD Connect had already been configured with Pass-Through Authentication, which was working as expected.  The next step was to enable Seamless Single Sign-On, but this failed with the following: ‘Failed to create single sign-on secret…

Delegate administration to partners using Azure AD B2B Collaboration

This post provides a quick introduction to the features available with Azure Active Directory Business to Business (B2B) Collaboration – currently in Public Preview. I’ll cover how to add someone outside your organisation to your Azure AD instance, as well as how to assign administrative privilege over the Azure subscription to the external partner through RBAC…