Posts Tagged ‘Azure AD’

Recently working on a Proof Of Concept enabling a MAM policy to lockdown and protect an application (Teams) on a device that not enrolled in Intune, and the File Ownership prompt in guides was not appearing.

The Intune License was applied to the user and the user was enabled for  MAM User Scope , and the MAM policy was applied to the User  

However no file ownership still and no encryption of files. Turns out the device has to be joined to the companys Azure AD ( or Local AD and Hybrid ) for this to happen and display the info box

This will show you its enrolled in MAM ( not MDM ) 

After this File Ownership is displayed !

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Outlook 365 2016 Trusted Platform Module error code 80090016Recently a user had their Motherboard swapped out on their laptop. 2 Days Later they could not sign into Outlook.

The error was TPM

This is due to the Laptop falling out of Trust with Azure AD due to TPM chip change

  1. Reset Local Admin Password
  2. Go to Settings . Accounts work or School and Disconnect
  3. Restart PC’
  4. Sign Back into Go to Settings . Accounts work or School

If Intune sign back into Azure AD

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Mimecast Guide

Azure Microsoft Guide

Create a Distribution Group in Office 365, this will be to Add the users to you want enable SSO on , add Users 

Make sure Mimecast is Synced with Office365 AD – Services -> Directory Synchronization ( Connect to 365 ) 

Perform manual sync in Mimecast to download user and group

Azure

On Azure – Got o Azure Active Directory, All Application find:  Mimecast Personal Portal

Next Single Sign-On

Sign on URL : https://au-api.mimecast.com/login/saml

Identifier : https://au-api.mimecast.com/sso/%Customer ID% per Mimecase User Guide

Reply URL : https://au-api.mimecast.com/login/saml

User Identifier : user.mail

Azure AD Properterties : User assignment  required No 

Mimecast

Configuring Mimecast-Personal-Portal for single sign-on

1.In a different web browser window, log into your Mimecast Personal Portal as an administrator.

2.Go to Services > Applications.

3.Click Authentication Profiles.

4.Click New Authentication Profile.

5.In the Authentication Profile section, perform the following steps:

a. In the Description textbox, type a name for your configuration.

b. Select Enforce SAML Authentication for Mimecast Personal

c. As Provider, select Azure Active Directory.

d. In Issuer URL textbox, paste the value of Azure AD SAML Entity ID : https://sts.windows.net/434324324342343242323442/ which you have copied from Azure portal.

e. In Login URL textbox, paste the value of Azure AD Single Sign-On Service URL : https://login.microsoftonline.com/434324324342343242323442/saml2 which you have copied from Azure portal.

f. In Logout URL textbox, paste the value of Sign-Out URL which you have copied from Azure portal.

g. Open your Downloaded Azure AD Signing Certificate (Base64 encoded) in notepad downloaded from Azure portal, copy the content of it into your clipboard, and then paste it to the Identity Provider Certificate (Metadata) textbox.

h. Select Allow Single Sign On.

i. Click Save.

Now Add a New Application Settings to Application and Link the Group you created in the first step to use this New Authentication Profile

Issues

reply address ‘https://au-api.mimecast.com/login/saml’ does not match the reply addresses configured for the application: ‘https://au-api.mimecast.com/sso/’.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)