Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V


Azure AD

Azure RMS behavior on SharePoint Online

What will the user see if he puts a Azure RMS protected file on SharePoint online?


  • Azure RMS account and document owner:
  • SharePoint Online accont:
  • Document shared with read only
  • Do not worry about language (you can get this software in your language)

Here is what happens:

protected file in SPO
In a sharepoint site
RMS blocker
IRM (Azure RMS) disclamer. So NO Office webapps
file opening prompt
Normal open prompt
Checking for RMS client (you must have this)
opening prompt for creds
If you are not logged in, you need to do so
proper creds
Modern login
mfa challenge
MFA gateway for access
my premissions
Your current access credentials
denied access
If yo do not have access then the owner will get this mail.



MDM enrollment with Azure AD Join

This is how you both join Azure AD and enroll for MDM. Your admin need to have configured Automatic MDM enrollment into intune over at for this to work.
1 - system2 - aad join

3 - notification
Disclamer from Windows
4 - login
Note how my icon and text have been pulled Down from Office 365
5 - mfa loading
Azure MFA gateway
6 - custom policy approvment screen
Customizable Policy template for Your org

7 - org check

8 - spell check
Despite the translation error, all is okay now.



Enable Azure MFA on Outlook 2016 with ADAL for Exchange Online

If you have Outlook 2016 or Outlook 2013 and want to use Azure MFA but you do not want to use Application Passwords there are one thing you need to do.


ADAL for Exchange Online is Off by default turn it on here: How to turn on ADAL for Exchange Online


  1. Allow scripting

    • Set-ExecutionPolicy RemoteSigned
  2. Run Windows Powershell and Connect to Office 365.

    • $UserCredential = Get-Credential
    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential
    • $UserCredential -Authentication Basic -AllowRedirection
    • Import-PSSession $Session
  3. Check if ADAL is on

    • Get-OrganizationConfig | fl *Oauth*
  4. If ADAL is off, here is how to enable it

    • Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
  5. Close Your session

    • Remove-PSSession $Session
 Now, for me I had to wait 48 hours for this to work. I also installed a fresh Version of Office 2016 Click to Run from Office 365


Enable Azure MFA for your user in

Click here to see: This is how Outlook Click to Run behaves with Azure MFA turned on

Thanks to MS Exchange Org for some great tutorials.



Outlook 2016 behavior when you ENFORCE Azure MFA

When you click enforce Azure MFA your users will not be able to Connect to Office 365 With Clients that does not support modern auth.

When they set up Outlook they will see this screen and be stuck there:

1 - autodiscover
Without modern auth enabled on Office 365 and Outlook your users will be stuck here


When you have enabled MFA on your Exchange Online Tenant this is what will happen:

2 - modern auth prompt3 - mfa prompt in outlook 2016


Azure MFA on Windows 10 Native Mail Client

If you enable Azure MFA in Office 365 and try to sync mail using the native Windows 10 Mail client, this is what the user will see:

(Sorry for the Language. Just the buttons and boxes are all the same)

1 - add mail account
User needs to Select Office 365 for Azure MFA
2 - add user
User needs just now to enter his UPN, it can not be username
3 - autodiscover looks for your account
If it fails here then Autodiscover is broken.
4 - enter password
Observe that the mail app has pulled Down my Company details including logo and custom text
5 - Azure AD MFA calls
Right now yor phone would ring or you would get a sms/app challenge
6 - account added
Thats it
7 - policies
Your Company Security settings will now be Applied. Usually you get this Box regardless just to tell you that it might tighten security
8 - mail recieved
You recieve mail. If you do not see mail, mabye the mail is older than a month. Then you need to change the sync settings to enable all mail to sync down



Azure AD password reset Windows Phone 10 behavior

What happens on your Windows Phone when you reset your Azure AD Password?

This happens on Windows Phone 10 Outlook:

You get a settings out of date notification
There is a triangle next to your account. Click it
Password dialog box
Type your password



Outlook 2016 behavior when you ENABLE Azure MFA

Scenario: You select “ENABLE” on Azure MFA but you do not Enforce. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.

Spoiler warning: Nothing happens, YET.

Here is how Outlook 2016 behaves when you activate Azure MFA for your Account.

1 - mfa on
AZURE MFA portal
2 - fresh outlook 2016
Fresh Outlook boot

3 - add account4 - user entered5 - searching for autodiscover

6 - credential popup
Normal login
7 - enter pwd
standard password
8 - success
9 - read email
mail approved




Add my Machine to Azure AD out of the box

If you are setting up a new machine and you have Office 365, Azure AD, Intune or CRM why not Azure AD join it and get all the benefits!?10 - Azure AD Enrollment

9 - Azure AD Enrollment

8 - Azure AD Enrollment
or who manages your PC?

7 - Azure AD Enrollment

6 - Azure AD Enrollment
Supports ADFS ofcourse

5 - Azure AD Enrollment

4 - Azure AD Enrollment

3 - Azure AD Enrollment2 - Azure AD Enrollment1 - Azure AD Enrollment

11 - Azure AD Enrollment
notice here who Printer, Network Drives and WiFi settings have been pushed!

Here is the whole thing in a Sway:




Weekly Report from Cloud App Discovery

Once you have set up the Cloud App Discovery feature then the service will send admins a weekly report with new apps and a one-button click to start managing them.

Here is what I used last week:

weekly digest
If you click manage appliation then users may log onto these apps with their Azure AD creds

Blog at

Up ↑

%d bloggers like this: