I am pleased to announce that cloudbuild.co.uk has been listed on the popular Feedspot website as one of the Top 50 Microsoft Azure Blogs, Websites and Influencers in 2020!
It’s news like this which drives us to work harder to document and share information with others. Thank you very much to all involved at Feedspot. Keep up the great work.
2020 has been a difficult year for all of us around the World, but this did not stop us from posting and sharing information. We managed to publish over 50 posts in the year 2020. We hope that the posts have been beneficial to you.
We also launched a new website to help support and grow the Azure community. Please check out the website at AzureCrazy.com
If you have not already subscribed to our website, please subscribe and we’ll send you a weekly update of all the latest posts. We will never send you spam or forward your email address to third parties.
Azure Active Directory (Azure AD) self service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If a user’s account is locked or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can’t sign in to their device or an application.
With Azure Active Directory (Azure AD) self service password reset (SSPR), users can update their password or unlock their account using a web browser. Please note that in a hybrid environment where Azure AD Connect is used to sync accounts from Active Directory to Azure AD, this scenario can cause passwords to be different between the two directories if password write back is not enabled. Password write back can be used to synchronise password changes in Azure AD back to your on premises Active Directory environment. Azure AD Connect provides a secure mechanism to send these password changes back to an existing on premises directory from Azure AD.
The password reset feature includes a set of capabilities that allow users to manage any password from any device, at any time, from any location, while remaining in compliance with company security policies.
In this blog post, I will go through the process of enabling password write back within Azure AD Connect, enabling self service password reset for a group of Azure AD users, and then go through the authentication methods and registration options.
1. Login to your Azure AD Connect server if you’re syncing your Active Directory accounts to Azure AD.
2. Enable Password Write Back in Azure AD Connect and save the settings.
3. Let’s confirm Azure AD has picked up the change.
4. Login to the Azure Portal portal.azure.com
5. Click Azure Active Directory or locate via the search box
6. Click Password Reset located in the left menu
7. Click On-premises integration
8. Done, see screenshot below.
Notice the additional option to allow users to unlock accounts without resetting their password. This feature designates whether or not users who visit the password reset portal should be given the option to unlock their on premises Active Directory accounts without resetting their password. By default, Azure AD will always unlock accounts when performing a password reset, this setting allows you to separate those two operations. If set to yes, then users will be given the option to reset their password and unlock the account, or to unlock without resetting the password. If set to no, then users will only be able to perform a combined password reset and account unlock operation.
I have left the default settings.
9. Now, let’s enable self service password reset: click Azure Active Directory and then click Password reset.
10. The password reset feature is disabled by default.
11. I will be clicking Selected and applying the policy to a security group named CloudBuildPR. Click Select.
12. Click Save
13. While in the password reset section, you’ll notice Authentication methods in the left menu. Here you can set up the number of authentication methods required, including prompting your users to set up security questions as additional authentication options. You can specify your own custom questions that will be visible to the user or select the built-in ones provided by Microsoft.
For the purpose of this demo, I will leave the default options enabled. Note that all features may not be available depending on your license type.
14. Moving down the menu, you’ll find Registration, including the option for how often you require your users to re-confirm the authentication information they originally submitted. By default it’s 180 days, and users are required to register when signing in.
15. The next option down is notifications. The default settings are shown below and are self explanatory.
16. Finally, there’s Customization. You could add a link to your online helpdesk portal or an email address to allow users to contact IT in the event they require further assistance. I have already covered on-premises integration earlier so won’t cover that one again.
17. OK, so I’m all set. I have enabled password write back within Azure AD Connect and enabled Password Reset. I have confirmed the configuration has been picked up within Azure AD.
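If you prefer to confirm step 2 from the command line rather than the portal, here is an added PowerShell example (not part of the original post). It runs on the Azure AD Connect server with the ADSync module that ships with Azure AD Connect, and it assumes the PasswordWriteBack and PasswordHashSync property names that Get-ADSyncAADCompanyFeature prints on current builds; compare with `Get-ADSyncAADCompanyFeature | Format-List` if your build labels them differently.

```powershell
# Added example (not from the post): check password writeback on the Azure AD Connect server.
# Run in an elevated PowerShell session on that server.
Import-Module ADSync

# Tenant-level feature flags as recorded by Azure AD Connect. The PasswordWriteBack and
# PasswordHashSync property names are assumed from the cmdlet's usual output.
$features = Get-ADSyncAADCompanyFeature
if ($features.PasswordWriteBack) {
    Write-Host "Password writeback: ON. Cloud resets are written back to on-premises AD."
} else {
    Write-Warning "Password writeback: OFF. Cloud resets will not reach on-premises AD, so the two passwords will drift apart."
}

# Writeback is delivered in near real time by the Azure AD Sync service (service name ADSync),
# not by the scheduled sync cycle, so the service itself must be running.
$svc = Get-Service -Name ADSync -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    Write-Warning "The ADSync service is $($svc.Status); writeback cannot be delivered until it is running."
}

# Password hash sync is a separate, opposite-direction feature: it copies on-premises
# password hashes up to Azure AD. Showing both side by side makes the configured
# directions obvious at a glance.
$features | Select-Object PasswordHashSync, PasswordWriteBack
```

Run it before and after saving the Azure AD Connect change in step 2; the warning branch is the state you are trying to leave behind, because with writeback off a cloud-side reset silently leaves the on-premises password unchanged.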
If you’re using a free trial account, you’ll receive the below message. At the time of writing this blog post, the password reset option does not function with trial accounts.
Errors/notifications:
You can’t reset your own password because you haven’t registered for password reset.
You haven’t registered the necessary security information to perform password reset
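Both messages above mean the user is covered by the SSPR policy but has never completed registration. Here is an added PowerShell example (not from the original post) that uses the Microsoft Graph PowerShell SDK to list members of the CloudBuildPR group who are enabled for SSPR but not yet registered, so they can be chased before they get locked out. It assumes the Microsoft.Graph module is installed and that the signed-in admin can read the authentication methods registration report.

```powershell
# Added example (not from the post): find SSPR-enabled users who have not registered.
# Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes "AuditLog.Read.All", "UserAuthenticationMethod.Read.All", "GroupMember.Read.All"

# The security group the SSPR policy was scoped to in step 11 of the post.
$group = Get-MgGroup -Filter "displayName eq 'CloudBuildPR'"
if (-not $group) { throw "Group 'CloudBuildPR' not found." }

# Object IDs of the group's direct members (nested groups are not expanded here).
$memberIds = (Get-MgGroupMember -GroupId $group.Id -All).Id

# The registration report is tenant-wide; restrict it to the group members.
$report = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $memberIds -contains $_.Id }

# IsSsprEnabled: the policy applies to this user.
# IsSsprRegistered: the user has registered enough methods to actually reset.
$notReady = $report | Where-Object { $_.IsSsprEnabled -and -not $_.IsSsprRegistered }

"{0} of {1} group members are enabled for SSPR but not registered" -f $notReady.Count, $report.Count
$notReady |
    Select-Object UserPrincipalName, IsSsprEnabled, IsSsprRegistered, MethodsRegistered |
    Format-Table -AutoSize
```

The users in that table are exactly the ones who would see the two error messages above; the Registration setting in step 14 (register on sign-in) is what closes the gap for them over time.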
In this blog post I will go through the process of configuring a conditional access policy within Azure AD.
Conditional Access policies are simply if and then statements, for example, if a user wants to access a resource, then they must complete an action. Example: A staff member wants to access the payroll application and is required to perform multi-factor authentication to access it.
Note: Using this feature requires an Azure AD Premium P1 license
1. Login to the Azure Portal portal.azure.com
2. Click Azure AD or locate via the search box
3. Click Security
4. Click Conditional Access
5. Click New Policy
6. For the purpose of this demo, I have selected:
Assignments: – Selected Users and groups – Selected the Sales group
7. Next, click Cloud apps or actions
8. Select what this policy applies to. For the purpose of this demo, I have clicked select apps
9. Select your apps. For the purpose of this demo, I have selected Office 365 only
10. Next, click Conditions
Up to this point I have selected the Sales group and the application Office 365. I will now continue to apply conditions to the Sales group. Click Conditions
11. Click Device Platforms
12. For the purpose of this demo, I want this policy to apply to Sales people using an iOS device, such as an iPhone
13. Click Locations
14. Here you could configure a location, for example you could prevent a conditional access policy from applying to your trusted locations but apply the policy everywhere else. Note the exclude option below where you could exclude locations from this policy.
15. Client apps: here you can control user access to target specific client applications not using modern authentication.
Note: When not configured, policies now apply to all client apps, including modern and legacy auth.
16. Click device state
17. Here you can control user access when the device the user is signing in from is not Hybrid Azure AD joined or marked as compliant.
18. Next, click grant
19. Here you can decide what you want this policy to do, block or allow access based on conditions. If you allow, you can select what conditions the users have to meet when authenticating. You could also select several options and select require all the selected controls or require one of the selected controls.
20. Finally, you have the option to enable the policy by clicking On. Clicking Off and the policy will not apply. Or clicking Report-Only which will only log events for you to analyse but not apply to users.
21. Click Create
Note: if you receive the below message after clicking Create, you must disable security defaults before you can create your policy.
Security defaults must be disabled to enable conditional access policy.
Out of the box, Microsoft now provides secure default settings, managed by Microsoft on behalf of organisations, to keep customers safe until they are ready to manage their own identity security. Security defaults are now enabled by default when setting up a new tenant.
You can disable security defaults by:
Log in to the Azure portal at portal.azure.com
Click Azure Active Directory, or search using the search box
Click properties located in the left pane
Browse to the bottom of the page, and click the link Manage Security Defaults
22. And here is the policy.
Notice the option What If below. This option allows you to test what a conditional access policy would do if applied to a user.
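The same policy, built as an added PowerShell example (not from the original post) with the Microsoft Graph PowerShell SDK. It follows the portal blades in order: check security defaults first (the step 21 failure), look up the Sales group, then create the policy in Report-only mode so the sign-in logs show what it would do before anyone is actually challenged. It assumes the Microsoft.Graph module is installed, a group named Sales exists, and the signed-in admin holds an Azure AD Premium P1 licence for Conditional Access.

```powershell
# Added example (not from the post): create the demo policy from steps 6 to 21 in report-only mode.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess", "Group.Read.All"

# Step 21's failure mode: Conditional Access cannot be used while security defaults are on.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($defaults.IsEnabled) {
    throw "Security defaults are enabled. Disable them first (Azure AD > Properties > Manage Security Defaults)."
}

# Step 6: the Sales group, looked up by name rather than hard-coding an object ID.
$sales = Get-MgGroup -Filter "displayName eq 'Sales'"
if (-not $sales) { throw "Group 'Sales' not found." }

# The request body mirrors the portal: users -> cloud apps -> conditions -> grant.
$policy = @{
    displayName = "Demo: Sales on iOS must use MFA for Office 365"
    # Step 20: Report-only evaluates and logs the policy without enforcing it.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeGroups = @($sales.Id) }           # step 6
        applications   = @{ includeApplications = @("Office365") }  # step 9
        platforms      = @{ includePlatforms = @("iOS") }            # step 12
        clientAppTypes = @("all")                                    # step 15, the default
    }
    grantControls = @{
        operator        = "OR"                                       # step 19
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Move to enforcement only after the report-only sign-in logs show the expected Sales users
# being caught and no unexpected accounts (for example a break-glass admin) affected:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -State "enabled"
```

Keeping the first version in Report-only and reading the resulting sign-in log entries is the scripted equivalent of the What If tool mentioned above: it answers the same "if this user, on this platform, to this app, then what?" question, but against real sign-ins instead of a single hypothetical one.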
In this blog post I will be going through the various configuration options available within a modern Sharepoint site offered as part of Microsoft 365 suite. This is my first attempt setting up a modern Sharepoint site, so I decided to document my experience for others who may want to know more about Modern Sharepoint.
If you’re testing, you can sign up for a free 365 E3 trial licence, which includes a number of services including SharePoint. You can sign up at the following link: Microsoft 365 E3 Trial
You’ll be prompted to set up a unique onmicrosoft.com tenant URL as part of the registration process. I have configured imrancloudbuild.onmicrosoft.com, therefore my default SharePoint URL is imrancloudbuild.sharepoint.com
After setting up your account, you’ll find that the out of the box Sharepoint design provided by Microsoft includes a nice layout and is mobile responsive.
1. Let’s move on and create a modern SharePoint site. Click SharePoint to visit the admin center
2. Click + Create site (You could also amend the existing default SharePoint site. For the purpose of this demo, I’ll be doing both: going through the options available when setting up a new site and also working with the default site later)
3. A couple of options appear
Examples of communication site scenarios.
Official corporate news
HR team communicating benefits and compensation information
Travel team publishing guidelines about corporate travel
Policies and procedures
Examples of team site scenarios.
Project team working together to complete deliverables and manage tasks.
Holiday party planning committee, planning the annual get together. If you have work locations in multiple geographies, you may have many holiday party committees and each party committee team site might be in a different language.
Human Resources team members – everyone who works in HR.
Executive Committee – different leadership groups within the organisation.
4. For the purpose of this demo, I will be setting up a SharePoint communication site
5. For the purpose of this demo, I will be selecting Topic
Topic to share information such as news, events, and other content.
Showcase to use photos or images to showcase a product, team, or event.
Blank to create your own design.
No matter which one you choose, you can add, remove, or reorder web parts as required.
6. Select a name for your new site. My new site is HR. Click Finish
7. If we had clicked the option to create a Teams Site instead of a communication site, here is an example of the options and what the site would have looked like
Input details and click next (Teams Site example)
and here is the default Teams Site
8. Back to our communications site, let’s take a look at the available options
9. Click Site contents
10. Click Site settings
Site Usage – Allows you to check your Sharepoint stats, such as number of views, most viewed posts, what devices are used to connect to your site, etc.
Recycle Bin – deleted content resides here, with the option to permanently delete or restore
11. After clicking Site Settings, you’ll find a number of settings, including the option to delete your Sharepoint site, permissions, language settings etc.
We’ll start with changing the Modern Sharepoint Title and logo. Click Title, Description and logo
12. Change details as required and click OK. I have changed my site name from HR to Cloud Build Hub and uploaded a logo. Save the changes
13. Let’s check the changes, click the home link
Changing Modern Sharepoint template
14. Next, let’s take a look at the various templates available in case you don’t like the default template for your new SharePoint site. Again, click Change the look, available under Site settings. See step 11
15. Microsoft provide a number of different templates including the ones below.
16. After clicking a template, there is an option to Try it Out before you decide to apply the template. See screenshot below.
After clicking Try It Out, a further option appears where you can select to apply the template or cancel
Inviting members to a Modern Sharepoint site
17. What if you want to invite other members of your team to assist you with setting up the site? You can do this by clicking the share link at the top right corner of the site and granting members access.
Create a new menu link Modern Sharepoint
18. Next, I’ll create a new menu item, linking to my Blog, click Edit
19. Hover over pages and click the + icon as shown below
20. I type the details for my blog link, click OK, and then Save
And there is the new menu item
21. If you wish to reorder the items below, drag and drop the links as required.
Note that the admin links will not be visible to regular users and exist for the purpose of administration of the Sharepoint site only.
You may notice an option to add a label as shown below. A label is useful if you wish to add a top menu link such as Company, and upon clicking Company, additional menu items appear. In this case Company is the label.
Microsoft offer two types of menu layouts (Mega menu and Cascading menu). The default is Mega menu. If you wish to change the menu layout, click the cog icon towards the top of the site and click change the look as shown below
and then click navigation, change the menu to the cascading style. You may prefer the cascading menu over the Mega menu so experiment with both after creating a label and sub menu links.
Grant all users within the organisation read only access to Modern Sharepoint site
22. At some point you will want the Sharepoint site to be visible to all users within your organisation
Click share
Type everyone and click the option Everyone except external, click ok, and click share. I’ll cover external sharing in part 2
Ensure read only is selected
23. If you wish to add additional colours to your site without changing your site theme, click the cog found towards the top right corner, click the option Change the look and click Theme
Note: At the time of writing this post, only certain parts of the site colours change when using Theme colours.
And select the colours of your choice
24. As you can see, only certain parts of the site have changed to the colour red
You could also use the customize option to change to a different colour that is not already part of the default theme colours provided by Microsoft.
Select the Header and Footer options if you wish to change the colours
Header colour has changed to grey
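For anyone who would rather script this than click through it, here is an added PowerShell example (not from the original post) that reproduces the main steps of this walkthrough with the PnP PowerShell module: creating the communication site with the Topic design, renaming it and setting a logo, adding the external menu link, and granting read-only access to everyone in the tenant. It assumes PnP.PowerShell is installed, that interactive sign-in is acceptable (newer module versions additionally require an app registration passed with -ClientId, omitted here), that a logo has already been uploaded to the site assets path shown, and uses a placeholder for the tenant GUID.

```powershell
# Added example (not from the post): the walkthrough's main steps with PnP PowerShell.
# Requires the PnP.PowerShell module (Install-Module PnP.PowerShell).
$tenant   = "imrancloudbuild"                      # tenant name from the post
$siteUrl  = "https://$tenant.sharepoint.com/sites/HR"
$tenantId = "<your-azure-ad-tenant-guid>"          # placeholder: Azure AD tenant ID

# Steps 2 to 6: a communication site using the Topic design, created from the admin center.
Connect-PnPOnline -Url "https://$tenant-admin.sharepoint.com" -Interactive
New-PnPSite -Type CommunicationSite -Title "HR" -Url $siteUrl -SiteDesign Topic

# Steps 11 to 13: rename the site and set its logo (logo path is an assumption).
Connect-PnPOnline -Url $siteUrl -Interactive
Set-PnPWeb -Title "Cloud Build Hub" -SiteLogoUrl "/sites/HR/SiteAssets/logo.png"

# Steps 18 to 20: a top-navigation link to an external URL.
Add-PnPNavigationNode -Location TopNavigationBar -Title "Blog" -Url "https://cloudbuild.co.uk" -External

# Step 22: read-only access for everyone in the organisation. The site's Visitors group
# carries the Read permission level, so "Everyone except external users" is added there,
# never to Members (Edit) or Owners (Full Control).
$visitors = Get-PnPGroup -AssociatedVisitorGroup
Add-PnPGroupMember -Group $visitors -LoginName "c:0-.f|rolemanager|spo-grid-all-users/$tenantId"

# Check: who now sits in the Visitors group.
Get-PnPGroupMember -Group $visitors | Select-Object Title, LoginName
```

The claim string `c:0-.f|rolemanager|spo-grid-all-users/<tenant id>` is what the portal's "Everyone except external users" entry resolves to; it deliberately excludes guest accounts, which is why external sharing is a separate decision (covered in part 2 of the post).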
Stay tuned for part 2 where I will continue to go through the various settings offered as part of a Modern Sharepoint site.