Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Tag

Enterprise Mobility Suite

End-user signup for Azure Self Service Password Reset

To enable a user for Self Service Password Reset, the user needs to navigate to one of these endpoints and register his/her phone as a second factor.

Endpoints:

  1. This endpoint verifies your phone and enrolls the user in SSPR: http://aka.ms/ssprsetup
    It does not change your password!
  2. This endpoint resets your password, and enrolls the user if his or her phone number is already stored on the user account: http://aka.ms/sspr (which points here: http://passwordreset.microsoftonline.com)

 

Here are the screens the user will go through:

  1. Standard login.
  2. You get routed to our enrollment service.
  3. It asks you to verify your phone (if it is already there); if not, you have to enter your phone number.
  4. If your phone is not registered in Azure AD, you see this.
  5. Call goes fastest.
  6. Microsoft calls your phone.
  7. In Azure AD you select how many factors your users need to set up. I have selected 1.
  8. This is where you end up.

Azure MFA enrollment experience

To enroll for Azure MFA, the users need to go through these steps. When you enforce or enable MFA, the user will be prompted for MFA enrollment. This is best done in a browser.

First the user needs to access any of our endpoints, e.g. http://portal.office.com

  1. Office 365 login with custom logo.
  2. The Office 365 MFA prompt once MFA is enabled.
  3. Enter your phone number as the MFA method.
  4. Choose between the Office 365 MFA contact methods.
  5. With SMS, you will get a text message with a code to enter.
  6. The code arrives on your phone.
  7. App password during enrollment: use this app password on your native iOS or Android device or old Outlook 2010 instead of your normal password.
  8. Additional MFA options: press Cancel if you feel done, or just navigate to the intended site, e.g. http://portal.office.com
  9. Extended MFA options: all your MFA options.
  10. The user access panel in Azure AD.

Here are all of the pictures in a Sway:
https://sway.com/2fNqmpbe5O17F5Ev
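
To see which accounts still have to go through the enrollment steps above, an administrator can report on the per-user MFA state. This is an added example, not code from the original post; it assumes the user objects of the MSOnline PowerShell module (`StrongAuthenticationRequirements`, `StrongAuthenticationMethods`), and the function name and sample accounts are hypothetical.

```powershell
# Added example. Property names follow MSOnline user objects (Get-MsolUser);
# the sample users below are constructed so the function runs offline.
function Get-MfaEnrollmentReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [object[]] $Users
    )
    foreach ($u in $Users) {
        # Methods stay empty until the user completes the enrollment walkthrough.
        $methods = @($u.StrongAuthenticationMethods | Where-Object { $_ })
        $req     = $u.StrongAuthenticationRequirements | Where-Object { $_ } | Select-Object -First 1
        $default = $methods | Where-Object { $_.IsDefault } | Select-Object -First 1

        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            MfaState          = if ($req) { $req.State } else { 'Disabled' }
            Enrolled          = $methods.Count -gt 0
            DefaultMethod     = if ($default) { $default.MethodType } else { $null }
        }
    }
}

# Constructed sample data: one enrolled user, one pending, one without MFA.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'enrolled@example.com'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @(
            [pscustomobject]@{ MethodType = 'OneWaySMS';         IsDefault = $true  },
            [pscustomobject]@{ MethodType = 'TwoWayVoiceMobile'; IsDefault = $false }) },
    [pscustomobject]@{ UserPrincipalName = 'pending@example.com'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' })
        StrongAuthenticationMethods      = @() },
    [pscustomobject]@{ UserPrincipalName = 'nomfa@example.com'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @() }
)

# Users with MFA turned on who have not completed enrollment yet.
Get-MfaEnrollmentReport -Users $sample |
    Where-Object { $_.MfaState -ne 'Disabled' -and -not $_.Enrolled } |
    Format-Table -AutoSize

# Against a live tenant (assumes Connect-MsolService has been run):
# Get-MfaEnrollmentReport -Users (Get-MsolUser -All)
```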

What Azure Rights Management Tells You!

A colleague of mine, Ilya, sent out an Azure RMS protected document. Here is what it looks like for a user of Azure RMS when sharing documents.

http://portal.azurerms.com

Observe the insight and control you have over the information; at a moment's notice you can withdraw access to the document.

The yellow lines cover the last names, which have been removed for privacy.

Summary page

Global map view: where in the world

Zoomed in on USA

List view: just a list of everyone

Timeline: when did they open it?

Notification settings: get notified once someone opens the document

Removing user access to Azure RMS documents

Scenario:

You share an Azure RMS protected document with one user, lg@haukeberg.com. You now remove that user and add Samsung@haukeberg.com.

-> What happens?

NOTHING.

Each share on the file creates a new instance in Azure RMS. Hence, if you want to remove access for the user lg@haukeberg.com, you need to revoke access to the document completely.

Note: once you revoke access to a document, all the users will lose access.

Hence, if the user lg@haukeberg.com quits and you revoke access to a document which Samsung@haukeberg.com also has access to, then both lose access.

Observe the individual shared versions of the file.

A workaround is to always share a document with as few people as possible each time.

Extending an Intune, EMS or Office 365 Trial

Need more time to decide?

That's okay. If your trial is about to run out, simply:

  1. Log on to http://portal.office.com as an Administrator
  2. Navigate to: Billing->Subscriptions
  3. Find the trial you want to extend and click it
  4. Click Extend and enter a credit card. (It will not be charged)
  5. Click Submit

That's it, 30 more days.


Azure Active Directory and Roaming Profiles

In Windows 10 you can join a machine to Azure AD instead of a local domain.

But when you join Azure AD, your account is given administrator privileges automatically. If you switch users with Ctrl+Alt+Del and Switch user, that user is set as a Standard user.

If you do not know who will use the computer, only the first user will be administrator; the rest will be standard users and cannot install programs.

This behavior is the default and cannot be changed. Simply giving machines out to students will result in the first users becoming administrators. If you boot all machines before deployment and log in with your user, that user will be blocked after about 20 devices.

 

How to fix this? Take a look at this post: https://haukeberg.wordpress.com/2016/01/18/shared-devices-roaming-profiles-with-microsoft-intune/

 

 
