O365 MFA vs Azure AD MFA
Azure Authenticator App Multi Factor Authentication Office 365 Azure Azure Active Directory (AAD)

David McWee ·

As a Technical Solutions Professional at Microsoft who covers Identity and Security I get a lot of questions about Office 365 MFA vs. Azure Active Directory MFA around the differences, benefits, and what I suggest. Customers always assume because I concentrate on the EMS stack Microsoft offers (Intune, Azure AD, Azure Information Protection) I recommend Azure AD MFA over Office 365 MFA, but the reality is when customers really compare the experiences they will almost always go with Azure AD MFA.

SAML Security Vulnerability
Active Directory Azure Security & Identity AAD B2C AD FS

David McWee ·

Duo Labs announced on Feb 27th that it had discovered a [security vulnerability](https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations) in some SAML SSO providers. The outline of their public post showed how an attacker could authenticate to a SAML SSO provider, and then manipulate the SAML response to allow them to impersonate a user thanks to different canonicalization algorithms.

ADFS:Certificate Authentication and A Dirty Certificate Store
AD FS ADFS CBA Certificate Based Authentication Client Certificate

David McWee ·

I often support ADFS configurations that are used to enable Client Certificate Authentication. Typically, these deployments are straightforward - we have certificates that cover the URLs ([sts url] and certauth.[sts url]; see [this article](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-requirements) for more details), we enable the client certificate authentication and it works.

Azure - PowerShell Capabilities I Love

David McWee ·

I use Azure for Development and Testing very heavily with my job as a consultant for Microsoft. Since most of my work is done deploying systems On-Premises I usually have to build environments for testing of deployment scripts etc. This means I have the option to go through the Azure Portal and create machine after machine, or I can use PowerShell to script these processes. As such I have gone through many of the IAAS PowerShell commands and thought I would share some of my commonly used commands.

Another Change

David McWee ·

You may have noticed that the site look and feel has changed. I felt it was about time to get a new theme on the blog since much has recently changed. For those that didn’t know I began working directly for Microsoft at the end of June 2015. As I continue to grow professionally I have decided it is time for me to spend a greater amount of time focusing on Identity and to begin to move away from my focus in SharePoint. The wonderful thing about identity is that I won’t actually leave SharePoint, but now my focus will be on WHO is accessing the portal. I also get the opportunity to expand my technology base into Skype for Business, CRM, Mobile Apps, basically any and every technology you can think of. I’m excited about this change and I hope to share lots of new information with everyone. As always, come back often and if you have questions always reach out.

How to Fix the SharePoint Modified Date to use Date and Time
SharePoint 2013

David McWee ·

If you've started using SharePoint 2013 you probably noticed that Microsoft changed the way they present the Modified value. In SharePoint 2010 the Modified field showed a Date/Time stamp, but in SharePoint 2013 the Date/Time is replaced with something like "3 minutes ago". Personally I like this, but some users may not and the Date/Time stamp may be really important especially for Legal Departments or other Audited applications.

Client Side Rendering of Form Fields
SharePoint 2013

David McWee ·

I've been working on a site migration from SharePoint 2010 to SharePoint 2013 and a lot of what we did in 2010 was to customize forms the user interacts with. One of the requirements we had was to ensure a Project Name and Project Alias field did not contain the same information. In SharePoint 2010 this had been done by adding some JavaScript to the page, grabbing each control by HTML Element ID, and then comparing their values. When we migrated these fields all got new HTML Element IDs so our validation logic was broken.

Hero Blog Post of the Day
SharePoint 2010

David McWee ·

I was working on a project today where I need to dynamically create a MS Word Document, save it to a SharePoint library, and then present the document to the user for editing. My first attempt was to create an IFrame that would redirect to the document once it was created, but this would only open the document in 'Read Only' Mode.

AngularJS Module for Azure Mobile Services
AngularJS Module for Azure Mobile Services Azure CodePlex Mobile Web Services NuGet

David McWee ·

A few months back a coworker introduced me to AngularJS as an alternative to using KnockoutJS. Around the same time Microsoft was pushing a bunch of videos and "How To's" on the Azure Mobile Services. After walking through the AngularJS tutorial and playing with the Azure Mobile Services "To Do" Demo I decided it would be interesting to mesh these two items together, use AngularJS in the UI to communicate with Azure Mobile Services for data storage, and who knows what else in the future.

More About Managed Metadata
SharePoint 2010

David McWee ·

I recently had more fun with setting Managed Metadata values in SharePoint 2010. This time as part of an event receiver during the Item Adding, Item Updating, and Item Updated events. (There are interesting event ordering challenges which lead to using all of these events, but that is not the focus of this blog.) The challenge I faced was copying values from a Document Set down to documents that were being created/uploaded to the list. Normally, using Shared Properties would negate this, but because we wanted users to edit the Managed Metadata Values in the Document Information Panel we could not use shared values because the Document Set would immediately overwrite any changes made to the document. Instead we created an Event Receiver to manually handle the updates from the Document to the Document Set, and from the Document Set to the child documents.