Domain Names to use with Azure Active Directory

I surfed across to the TechNet Forums again to see what they are up to these days and found the Azure AD forum. I haven’t been active in the Forums for quite some time, but finally found some time to post there again.

One of the questions caught me by surprise. I know that all sorts of organizations look into Azure Active Directory now and incorporate it into their cloud strategies. Usually, these organizations have a Windows AD backend that they use to federate with Azure AD – but apparently not all of them.

The question that I’ve found reads similar to this: “Hi, we have created an Azure AD tenant and are actively using it. Now that we’ve purchased some servers that we want to run locally – on-premises – we need an on-premises Active Directory, too.”

Funnily enough, they are doing things the other way around compared to, I’d say, 98% of organizations out there leveraging the Microsoft cloud. Ultimately, they’re trying to achieve the same thing: manage identities and leverage on-premises infrastructure as well as cloud resources integrated into Azure AD – which likely leads to federation and directory synchronization.


Now there is support for Windows Server 2012 and VMware vSphere 5.1

I’ll only say it was about time. It took them 12 months to file the submission to SVVP:

Dynamic Access Control – ACL evaluation

So – here’s another rambling about Dynamic Access Control. It looks like this is becoming one of my favorite topics these days. Or it’s just that I think it needs the attention. You decide for yourself.

Today, I’d like to introduce the process of ACL evaluation on files and folders when DAC is used with them. Things change a little, and I thought it was worth writing about so you know what to expect when designing your access control with DAC.

So how are ACLs evaluated when DAC is enabled? Essentially, an Access Control List comprises a number of Access Control Entries (ACEs). An ACE describes the kind of access a security principal gets on a particular object, in our case on File Resources, like in these two examples:

ALLOW READ ACCESS for members of security group CONTOSO\finance [for this folder and all subfolders]

ALLOW READ, WRITE ACCESS for members of security group CONTOSO\finance-admins [for subfolders only]
