PTA, AADJ and the “User must change password at next log on” flag

OK, the title has a whole bunch of acronyms which may not be entirely familiar. Actually…if we’re being really picky I should probably say a whole bunch of initialisms, but that would digress into a whole different article when a perfectly good Wikipedia article already exists for that. 🙂 Anyway, PTA is the accepted short form… Read More »

How to change the token lifetime for a SAML 2.0 application with Azure Active Directory

Configurable token lifetimes for Azure Active Directory (AAD) have been available for while now, although the feature is still in public preview.  This article provides details of how to create an access token lifetime policy and how to apply it to an application federated with AAD using SAML 2.0. Before we get started with this, we need to ensure… Read More »

How to modify the AWS Console timeout with Azure Active Directory SAML

This article describes how to configure Azure Active Directory as the SAML Identity Provider (IdP) to change the default AWS Console timeout from 1 hour to a different value. It seems there has been a lot of discussion about how to change the timeout and there is no clear documentation from AWS how to achieve… Read More »

Exchange Online PowerShell Module and Execution Policy

I’ll get to the problem with Powershell Execution Policy shortly, but first a bit of background… If your AAD/O365 admin accounts are configured for multi-factor authentication (which they should be, because it’s free), you will likely be familiar with the Exchange Online PowerShell Module, which is designed to work with MFA.  Getting to the Module… Read More »

Blog is 10 years old

I got caught by surprise earlier today when I was looking at some of my older blog posts. It turns out my first entry was on the 10th March 2008. Happy 10th birthday Open a Socket! Thanks to all of you who have supported me over the years with comments, words of encouragement, and for keeping… Read More »

How to extract a list of mailboxes from an Exchange mailbox migration batch

Actually, this is more of a question than answer – although I have an answer of sorts, albeit far from elegant. I’ve been scheduling some batch onboarding mailbox migrations from a hybrid environment with Exchange 2010 to Exchange Online.  The batch process is pretty straightforward, but I haven’t found an easy way to dump the… Read More »

How to suppress Skype for Business attribute synchronisation in Azure AD Connect

I recently had a challenge with a customer that had on-premises Skype for Business (SfB) and were looking to migrate to SfB Online. They did not want to federate the two infrastructures, but instead wanted to undertake a re-pointing of users at a given point in time by modifying the DNS records. When they introduced… Read More »