Month: April 2015

References that AADP will not impact O365


I was recently asked by a customer to provide proof that registering for Azure Active Directory Premium (AADP) would not cause a production change to their existing O365 implementation. Unfortunately, this is not specifically stated anywhere in Microsoft documentation, but the references I found below imply that there would not be an impact to the business.

  1. https://msdn.microsoft.com/en-us/library/azure/dn629581.aspx?f=255&MSPPError=-2147217396#BKMK_SubRelationToDir
    1. “Every Azure subscription has a trust relationship with an Azure AD instance. This means that it trusts that directory to authenticate users, services, and devices. Multiple subscriptions can trust the same directory, but a subscription trusts only one directory. You can see which directory is trusted by your subscription under the Settings tab. You can edit the subscription settings to change which directory it trusts.”
    2. “This trust relationship that a subscription has with a directory is unlike the relationship that a subscription has with all other resources in Azure (websites, databases, and so on), which are more like child resources of a subscription. If a subscription expires, then access to those other resources associated with the subscription also stops. But the directory remains in Azure, and you can associate another subscription with that directory and continue to manage the directory users.”
    3. The key evidence is that the directory remains in Azure and will work with other subscriptions (e.g. O365)
  2. https://msdn.microsoft.com/en-us/library/azure/jj573650.aspx?f=255&MSPPError=-2147217396#BKMK_ManageDefaultDir
    1. “There are no costs for using Azure AD. The directory is a free resource. There is an additional Azure Active Directory Premium tier that is licensed separately and provides additional features such as company branding and self-service password reset.”
    2. The key evidence is that AADP is an additional “tier” to Azure AD
  3. http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2014/03/11/what-happens-to-the-data-when-my-trial-expires.aspx
    1. “Trials live in the following phases: 30 days active, 30 days in grace period, 30 days disabled.  Subscription is then deprovisioned”
    2. “Once the final subscription (of any service like Office365 or Intune) is deprovisioned from a tenant, then the countdown starts to where that tenant is then deleted from Windows Azure Active Directory (WAAD).”
    3. The key evidence is that AADP is a subscription (though not directly named in this article dated in 2013)
  4. https://msdn.microsoft.com/en-us/library/azure/dn532272.aspx
    1. Azure AD Premium can be considered a paid add-on to the Azure AD free edition.
    2. Based on the article Azure Active Directory Editions, the common features provided by the Azure AD free edition will not change even if we upgrade from the free edition to the premium edition:
      1. Directory as a service
      2. User and group management using UI or Windows PowerShell cmdlets
      3. Access Panel portal for SSO-based user access to SaaS and custom applications
      4. User-based application access management and provisioning
      5. Self-service password change for cloud users
      6. Directory synchronization tool – For syncing between on-premises Active Directory and Azure Active Directory
      7. Standard security reports

Tips for Installing ConfigMgr Apps during OSD


Similar to a previous post on 10 Tips for a More Successful Windows Image Build & Capture, this post outlines tips to help you successfully deploy ConfigMgr 2012 R2 Applications during OS deployment for an image build/capture on a workgroup computer.

  1. First, review the top tips for OSD (10 Tips for a More Successful Windows Image Build & Capture)
  2. Second, if your DP is set up for HTTPS, skip to the last step in this sequence
  3. Enable anonymous authentication on the DP properties
  4. Install the latest CU for the ConfigMgr client with the PATCH property
  5. Ensure the Network Access Account (which is also used by workgroup computers to access resources) has been defined and has the appropriate access to the DP resources
  6. Install hotfix KB2522623 as a package – for Win7 SP1
  7. Install hotfix KB2775511 as a package – for Win7 SP1
  8. Enable the SWDist Agent with this command:

     WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE

  9. Command to enable PowerShell Scripts: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 1 /f

     Command to enable PowerShell ExecutionPolicy: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell /v ExecutionPolicy /d Unrestricted /f

  10. Application deployment types: set Content > Deployment options – Download content from DP and run locally
  11. Ensure the property “Allow this application to be installed from the Install Application Task Sequence action” has been enabled (hint: it’s on the General tab for the application’s properties)
  12. Then if all else fails, ditch applications for doing a build and capture…
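
The two reg add commands above write under the Policies key, so the Unrestricted execution policy applies at machine-policy scope and stays in the captured image unless it is removed. The following pre-capture cleanup is an added example, not part of the original post; it assumes it runs elevated as a command-line step after the last Install Application step, and it uses only cmdlets available in the PowerShell 2.0 that ships with Win7 SP1.

```powershell
# Added example (not from the original post). Run elevated, after the last
# Install Application step and before the capture phase.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$valueNames = 'EnableScripts', 'ExecutionPolicy'   # values set by the reg add commands

function Get-BuildTimePolicyValue {
    # Emit one object per build-time value still present under the policy key.
    if (-not (Test-Path -Path $policyKey)) { return }
    $props = Get-ItemProperty -Path $policyKey
    if (-not $props) { return }                    # key exists but holds no values
    foreach ($name in $valueNames) {
        $p = $props.PSObject.Properties[$name]
        if ($p) {
            New-Object PSObject -Property @{ Name = $name; Value = $p.Value }
        }
    }
}

# 1. Remove the values so they are not captured into the reference image.
foreach ($item in @(Get-BuildTimePolicyValue)) {
    Write-Output ("Removing {0} = {1}" -f $item.Name, $item.Value)
    Remove-ItemProperty -Path $policyKey -Name $item.Name -Force
}

# 2. Report any local SWDist override created by the WMIC command (report only).
$ns    = 'root\ccm\policy\machine\requestedconfig'
$local = @(Get-WmiObject -Namespace $ns -Class ccm_SoftwareDistributionClientConfig `
        -Filter "PolicySource='local'" -ErrorAction SilentlyContinue)
Write-Output ("Local SWDist policy instances present: {0}" -f $local.Count)

# 3. Write the execution policy per scope to the step's output for the build log.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 4. Fail the step if anything is left, so the image is not captured as-is.
$left = @(Get-BuildTimePolicyValue)
if ($left.Count -gt 0) {
    $names = ($left | ForEach-Object { $_.Name }) -join ', '
    Write-Error "Policy values still present: $names"
    exit 1
}
exit 0
```

If anonymous authentication was enabled on the DP only for the build, revert that setting on the DP properties once the capture completes.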