Azure Beginners Guide for AWS Professionals

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS

AWS and Azure are the two most comprehensive cloud platforms. I recently watched a video explaining the fundamentals of the Azure and AWS cloud platforms.

If you are an AWS professional, your knowledge of the AWS platform makes it easier for you to start your journey with Azure. The learning curve is not very huge. In this post, we will see how you can transfer the fundamental knowledge of the Amazon AWS platform to Microsoft Azure.

This post is based on Matt McSpirit’s 5-minute comparison video. In it, he explains how your knowledge as an AWS Professional easily translates to Microsoft Azure.

Get the critical differences between these two comprehensive cloud platforms in the 5-minute video. This post is an Azure Beginners Guide for AWS Professionals.

Key Concepts of AWS and Azure

The fundamental differences between AWS and Azure are the concepts of subscriptions and accounts. In Azure, account owners can delegate the task of managing subscriptions to application owners. This delegation matters when the person paying the bill is not the person operating the technology.

Also, imagine running AWS services in your private data center. With Azure, you can deploy Azure services in your data center with Azure stack. Azure also supports first-party integration between your cloud and on-premises solutions.

  • Common Identity
  • Management and Security
  • Data Platform
  • Artificial Development

Like AWS, Azure allows you to build solutions with Windows and Linux. Both AWS and Azure have a vibrant, growing marketplace of third-party apps and solutions.

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS - Fig.1

Three Pillars of Azure and AWS Cloud Platform 

Azure Beginners Guide for AWS Professionals is based on three main pillars of these cloud offerings. There are three core services in AWS and the Azure cloud platform. I will cover each component in this post, as Matt explained above.

  • Compute
  • Data Storage
  • Management
Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS – Table 1

AWS Vs. Azure Compute Options

Virtual Machine Templates

Compute options in AWS and Azure are very similar. You can find the same range of on-demand virtual machine sizes in Azure as the various Amazon EC2 instance types in AWS, with some differences in memory, CPU, and storage options.

You can create AWS virtual machine instances in the AWS Management Console. You can create Azure VMs in the Azure portal, using APIs, or with the Azure command-line interface (CLI) for Windows or Linux. The following are the variety of options I have captured for the Azure Beginners Guide for AWS Professionals.

Azure Virtual Machine Offerings

  • Small Workloads (A, Av2, B, D, Dv2)
  • General-purpose (Dv3, N)
  • Storage workloads (L)
  • Database workload (Ev3)
  • Enterprise applications (M)
  • SAP HANA workloads (SAP)

AWS Virtual Machine Offerings

  • Accelerated Graphics (P2, G3)
  • Storage Optimized (I3, D2)
  • General-purpose (T2, M4)
  • Compute Optimized (C4)
  • Memory Optimized (X1, R3, and R4)

Automatic Scalability Options

In both AWS and Azure, you can use Auto-Scaling options to dynamically scale your application or service. For most scenarios, this can be done without any downtime.

In Azure, virtual machine scale sets can automatically add or remove VMs based on your defined metrics and threshold. In contrast, in AWS, AWS CloudFormation can scale your application or services automatically.

Application Architecture

In Azure, you can use Azure Resource Manager or ARM templates to define the architecture of your application or service for the multi-tiered workload. Again, you can use AWS CloudFormation templates to architect your application or services.

Containers Options

Amazon has AWS Elastic (EC2) Container Service for containers. Azure has Azure Container Service (AKS) to provide you with container service options. Use a fully managed Kubernetes container orchestration service or choose other orchestrators.

Azure supports Linux and Windows containers and offers a range of orchestration options, including Kubernetes, Mesosphere DC/OS, and Docker Swarm.

Serverless Options

AWS Lambda and AWS API Gateway (plus other services) are the solutions to build and deploy applications in AWS. In Azure, Azure Functions and other platform services are the answers for Serverless platforms.

This includes Azure Logic Apps, which visually model and automate process workflows. Other serverless options in Azure are Azure Database as a Service and Azure Service Fabric Cluster.

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS - Fig.2

AWS Vs. Azure Data Storage Options

Persistent data storage is the heart of many applications. Azure and AWS offer a range of storage options. AWS Simple Storage Service (AWS S3) is the cloud storage solution in AWS.

In Azure, you can use Azure Blob Storage as the cloud storage solution for your applications and services. Storage speed and performance are important to cover in the Azure Beginners Guide for AWS Professionals.

In AWS, cold storage using AWS S3 Standard IA is an option. Amazon Glacier is archival cold storage in AWS. In Azure, this cold storage maps to Azure storage standard COLD (Access tier) and Azure Archival storage.

Database Options

Relational Database Options

Database options in AWS and Azure are also similar. However, there is an essential difference that IT pros need to understand. Amazon offers a variety of AWS Relational Database (AWS RDS) options. In Azure, Azure Relational Database options are Azure SQL Databases, Azure DB for MySQL, and Azure DB for PostgreSQL.

Non-Relational Database Options

Azure offers Cosmos DB (Azure Cosmos DB) to build a non-relational database for your applications and services. Azure Cosmos DB provides additional features like SQL query, unstructured data, low latency, and geo-replication. AWS offers Amazon DynamoDB, a fast and flexible non-relational database service in the cloud.

Traditional Data Warehousing

Traditional Data Warehousing options are available for both AWS and Azure. Amazon AWS offers the AWS Redshift database for traditional data warehousing requirements of your applications and services.

Azure offers you an Azure SQL Data Warehouse solution to meet your application requirements. Like AWS Redshift, Azure SQL Data Warehouse is a fast, fully managed, and petabyte-scale data warehouse.

Big Data Offerings

Amazon and Azure offer big data analysis as part of their cloud services. AWS offers Amazon Elastic MapReduce (Amazon EMR) for big data analytics, including the Hadoop framework. Azure offers Azure HDInsights as a big data analytics option. 

HDInsight provides a fully managed, full-spectrum open-source analytics service for enterprises. Azure also offers Azure Data Lake Store for big data. This store allows you to keep massive unstructured or structured data sets and enables analysis of all your data from one place.

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS - Fig.3

AWS Vs Azure Management Options

Management is an important topic. Azure and AWS offer various options for managing your cloud resources. You can start with the AWS management console.

Azure provides management options through the Azure management portal. Management options for both platforms are essential with Azure Beginners Guide for AWS Professionals.

Troubleshooting

Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. You can also use Azure Cloud Shell for custom troubleshooting. Azure Cloud Shell supports Bash Shell for Linux and PowerShell for Windows workloads. 

Other options are available in AWS, including CloudWatch, CloudTrail, and X-Ray. There are also many third-party solutions for AWS cloud management.

Monitoring

AWS and Azure offer different monitoring options. In AWS, you can use a third-party analytics engine such as Splunk. Azure’s built-in monitoring options are Log Analytics, Azure Application Insights, etc.

Proactive Resource Optimization

Azure and AWS provide proactive resource optimization tools to help you. AWS comes with an AWS Trusted Advisor Dashboard. Trusted Advisor allows you to observe best practices for using AWS by inspecting your AWS environment and providing proactive resource optimization.

Azure provides a complementary tool called Azure Advisor for proactive resource optimization for your Azure environment.

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…


Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD

Let’s discuss the Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD. SCCM admins must go through the AAD Connect setup to build an Intune and SCCM hybrid lab.

AAD Connect is the app used to sync On-Prem AD with Azure AD. It can be installed on any server-class machine. The AAD Connect sync operation is critical for organizations.

If you plan to sync the hash of your passwords to the cloud, the AAD Connect setup configuration is pretty straightforward. However, if you have specific and advanced AAD Connect setup requirements, you must spend a lot of time on the initial setup.

AAD Connect setup and configuration will install and configure SQL Express DB. For big corporate organizations, we need to select advanced settings. These settings can be configured in advanced settings, as they may have custom attributes used in their sync process.

Also, password hashes may not be synced at all when an AD FS configuration is used for authentication.

Microsoft Azure Active Directory Connect

The window below shows the Microsoft Azure Active Directory Connect Express Settings. If you have a single Windows Server Active Directory forest, Express Settings will do the following:

Express Settings
  • Configure synchronization of identities in the current AD forest of ASST
  • Configure password synchronization from on-premises AD to Azure AD
  • Start an initial synchronization
  • Synchronize all attributes
  • Enable Auto Upgrade
Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD – Table 1
Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD - Fig.1

Azure AD AAD Connect Setup – Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD

I have selected “Express Settings” for my lab, so installation is straightforward. You must provide two credentials during the configuration: Azure AD and On-prem AD. UPN suffixes should match one of the verified custom domains in Azure AD to use on-premises credentials for Azure AD sign-in.

I have changed the UPN suffixes of 4 On-Prem AD users so that those On-Prem AD users will get synced with Azure AD. The following high-level steps are completed in the AAD Connect setup and configuration wizard.

  • Install and Configure SQL Express DB
  • Install the synchronization engine
  • Configure Azure AD Connector
  • Configure On-Prem AD Connector
  • Enable Password Synchronization
  • Enable Auto Upgrade
  • Configure Azure AD Connect Health Agent for sync
  • Configure Synchronization services on the computer
  • End Results/Outcome of AAD Connect Sync
Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD - Fig.2

The AAD Connect sync process will start after the AAD Connect setup and configuration. As you can see in the above screen capture, the configuration has been completed successfully on my On-prem AD server. To confirm whether the on-prem users/groups synced with Azure AD, log in to portal.azure.com and confirm the user IDs.

Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD - Fig.3

You can sync on-prem user identities/attributes and passwords to Azure AD using Azure AD Connect. Azure AD Connect installation and configuration is very straightforward if we use express settings 🙂

I have a video tutorial here that helps you understand the AAD Connect configuration, how to enable MFA for Azure AD to join Windows 10 devices, and Twitter app integration with Azure AD.

This post will cover two other Azure AD (AAD) Sync topics.

  1. Where is the Scheduled Task used to create Azure AD?
  2. How to Create a service connection point in on-premises Active Directory?
  3. Video Tutorial – How to Sync On-Prem AD User Accounts with Azure AD

Windows 10 MDM devices can write back to on-prem AD. More details are available here. AAD Connect is mandatory for the write-back feature of Windows 10 devices.  

Earlier versions of Azure AD Connect used a Windows task scheduler to schedule the Azure AD sync of on-prem objects and attributes. The latest version has a built-in sync engine, so we won’t be able to find a scheduled task for AAD Connect. 

The new default synchronization frequency is 30 minutes. We can change the AD Sync Schedule using the PowerShell command “Get-ADSyncScheduler” and other parameters documented here.

Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD - Fig.4
PS C:\Users\anoop\Desktop> Get-ADSyncScheduler

AllowedSyncCycleInterval            : 00:30:00
CurrentlyEffectiveSyncCycleInterval : 00:30:00
CustomizedSyncCycleInterval         :
NextSyncCyclePolicyType             : Delta
NextSyncCycleStartTimeInUTC         : 26-05-2016 02:06:23
PurgeRunHistoryInterval             : 7.00:00:00
SyncCycleEnabled                    : True
MaintenanceEnabled                  : True
StagingModeEnabled                  : False
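The capture above only reads the scheduler. As an added example (not part of the original post), the block below uses the same ADSync module to read the schedule, request a different cycle interval, pause the scheduler around bulk on-prem changes, and trigger a delta cycle on demand; Set-ADSyncScheduler and Start-ADSyncSyncCycle are the cmdlets that change and run the cycle, and the one-hour interval is an assumed value for illustration.

```powershell
# Added example, not part of the original post. Run in an elevated PowerShell session
# on the Azure AD Connect server. The 1-hour interval is an assumed value for illustration.
Import-Module ADSync

# Read the scheduler state (this is what the Get-ADSyncScheduler capture above shows).
# AllowedSyncCycleInterval is the floor enforced by the service;
# CurrentlyEffectiveSyncCycleInterval is what the scheduler is really using.
$before = Get-ADSyncScheduler
$before | Format-List AllowedSyncCycleInterval, CurrentlyEffectiveSyncCycleInterval,
    CustomizedSyncCycleInterval, NextSyncCyclePolicyType, SyncCycleEnabled, StagingModeEnabled

# Request a customised 1-hour cycle. A value shorter than AllowedSyncCycleInterval is not
# honoured, so re-read the effective interval afterwards instead of trusting the requested one.
Set-ADSyncScheduler -CustomizedSyncCycleInterval 01:00:00
$after = Get-ADSyncScheduler
"Requested {0}, effective {1}" -f $after.CustomizedSyncCycleInterval, $after.CurrentlyEffectiveSyncCycleInterval

# Pause the scheduler before bulk on-prem changes (UPN suffix edits, OU moves) so that a
# half-finished change set is not exported to Azure AD; re-enable once the changes are complete.
Set-ADSyncScheduler -SyncCycleEnabled $false
# ... on-prem changes here ...
Set-ADSyncScheduler -SyncCycleEnabled $true

# Push the changes now instead of waiting up to a full cycle. Delta exports only what changed;
# use -PolicyType Initial only when a full import and sync is actually required.
Start-ADSyncSyncCycle -PolicyType Delta

# A server in staging mode imports and synchronises but never exports. Check this first
# when objects do not show up in the Azure portal.
if ((Get-ADSyncScheduler).StagingModeEnabled) {
    Write-Warning "This server is in staging mode: nothing is exported to Azure AD."
}
```

Pausing the scheduler rather than stopping the service keeps the run history and the next-cycle policy intact, so re-enabling it resumes the normal 30-minute delta rhythm shown in the capture.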

I had trouble creating a service connection point in the on-premises Active Directory. This service connection point is used to “Connect domain-joined devices to Azure AD for Windows 10 experiences.” I followed the documentation here to configure the service connection point in on-prem AD but got stuck with the PowerShell commands: I ran the commands as documented, with no luck.

After that, I installed the appropriate version of the Windows Azure Active Directory Module for Windows PowerShell. Then I tried to run the following PowerShell commands, which worked like a champ!

Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD - Fig.5
PS C:\Users\anoop\Desktop> Connect-MsolService

PS C:\Users\anoop\Desktop> Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"

PS C:\Users\anoop\Desktop> Initialize-ADSyncDomainJoinedComputerSync

cmdlet Initialize-ADSyncDomainJoinedComputerSync at command pipeline position 1
Supply values for the following parameters:
AdConnectorAccount: nair\Anoop
AzureADCredentials
Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD.
Configuration Complete
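The session above supplies the two parameters interactively. As an added example (not part of the original post or of Microsoft’s AdSyncPrep module), the block below runs the same initialisation non-interactively and then reads the service connection point (SCP) back from the Configuration partition, which is the check a practitioner wants before telling anyone that hybrid device registration is ready. The AD connector account name is the one from the capture above; the SCP container GUID is the well-known one Azure AD Connect uses.

```powershell
# Added example, not part of the original post. Runs the SCP initialisation shown in the
# capture above non-interactively, then verifies the SCP that it should have created.
# The AD connector account name is taken from the capture above; credentials are prompted.
Import-Module MSOnline
Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"

$aadCred = Get-Credential -Message "Azure AD global administrator"
Connect-MsolService -Credential $aadCred

# AdConnectorAccount is the on-prem account Azure AD Connect uses for the AD connector.
Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount "nair\Anoop" -AzureADCredentials $aadCred

# Verification: the SCP is created under a fixed, well-known GUID in the Configuration partition.
$configNC = ([ADSI]"LDAP://RootDSE").configurationNamingContext
$scpPath  = "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNC"

if ([ADSI]::Exists($scpPath)) {
    $scp = [ADSI]$scpPath
    # Expect two keywords: azureADName:<verified domain> and azureADId:<tenant id>.
    # Domain-joined clients read these to decide which tenant to register with, so they must
    # name your tenant and nothing else.
    $scp.keywords
} else {
    Write-Warning "SCP not found: domain-joined Windows 10 devices will not auto-register with Azure AD."
}
```

The keywords are what make the SCP security-relevant: a wrong or stale azureADId silently points every domain-joined device at another tenant, so reading them back after the cmdlet completes is worth the extra lines.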

How to Sync On-Prem AD User Accounts with Azure AD

SCCM Intune Step-by-Step Training Video Guides help you understand the AAD connect configuration, how to enable MFA for Azure AD, join a Windows 10 device, and integrate the Twitter app with Azure AD.

This post will cover two other Azure AD (AAD) Sync topics. I’ve already downloaded and installed the AAD connect tool, and I can show you how to configure it and start syncing it.

Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD – Video 1


Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.


Intune Application Policy Manager RBA Controls In MEM Portal | Endpoint Manager Role-Based Access

We will discuss the access rights of the built-in Intune RBAC role, Intune Application Manager.

Ideally, this role should have access to Manage mobile apps and read device information, depending on the scope of users/devices assigned to it.

Do you know what the scope is? “The users or devices that a specified person (the member) can manage.” If you are an SCCM admin, the SCOPE option is already in SCCM 2012 and the CB console. I have another post that discusses the details of Configuration Manager RBAC.

This post will examine the permissions associated with the Intune Application Manager built-in role. According to Microsoft documentation, this role “Manages and deploys applications and profiles.”

Intune Application Policy Manager RBA Controls In MEM Portal

We will dive deeply into this topic and explain the actions an Intune app admin can perform from the MEM portal. Following are the access permissions given to the Intune APP Manager RBAC role.

Intune Application Policy Manager RBA Controls In MEM Portal | Endpoint Manager Role-Based Access - Fig.1

Managed Apps – Intune Application Policy Manager RBA Controls In MEM Portal

Managing your organization’s IT infrastructure is essential to effectively controlling access to various resources. Here’s a breakdown of the permissions this role has for managed apps, managed devices, and mobile apps.

Managed Apps
  • Assign managed apps to a security group
  • Create managed apps
  • Delete managed apps
  • Read managed apps
  • Update managed apps
  • Wipe managed apps

Managed Devices
  • No access to delete devices
  • Access to read device information
  • No access to update device properties

Mobile Apps
  • Assign mobile apps to a security group
  • Create mobile apps
  • Delete mobile apps
  • Read mobile apps
  • Update mobile apps
Intune Application Policy Manager RBA Controls In MEM Portal | Endpoint Manager Role-Based Access – Table 1
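The list above was compiled by clicking through the portal. As an added example (not part of the original post), the block below pulls the built-in Application Manager role definition through Microsoft Graph PowerShell so the list can be checked against what the role really grants in a given tenant, and flags any allowed action outside app management and device read. It assumes the allowed actions are strings of the form Microsoft.Intune_<Resource>_<Action>, which is how Intune RBAC names them.

```powershell
# Added example, not part of the original post. Reads the built-in "Application Manager"
# role definition with Microsoft Graph PowerShell and compares it with the permission list
# above. Assumption: allowed actions are named Microsoft.Intune_<Resource>_<Action>.
Import-Module Microsoft.Graph.DeviceManagement.Administration
Connect-MgGraph -Scopes "DeviceManagementRBAC.Read.All"

$role = Get-MgDeviceManagementRoleDefinition -All |
    Where-Object { $_.IsBuiltIn -and $_.DisplayName -eq "Application Manager" }

$allowed = $role.RolePermissions.ResourceActions.AllowedResourceActions | Sort-Object -Unique

# Group by resource so the output lines up with the Managed Apps / Managed Devices /
# Mobile Apps sections above.
$allowed | Group-Object { ($_ -split '_')[1] } | ForEach-Object {
    "{0}: {1}" -f $_.Name, (($_.Group | ForEach-Object { ($_ -split '_')[2] }) -join ', ')
}

# Least-privilege check: anything beyond app management and read-only device access
# is worth a second look before the role is handed to an app admin.
$expected = '^Microsoft\.Intune_(ManagedApps|MobileApps)_', '^Microsoft\.Intune_ManagedDevices_Read$'
$unexpected = $allowed | Where-Object {
    $name = $_
    -not ($expected | Where-Object { $name -match $_ })
}
if ($unexpected) {
    Write-Warning ("Allowed actions beyond the documented scope: " + ($unexpected -join ', '))
}
```

Because built-in role definitions can change between Intune releases, re-running this after a service update is a cheap way to notice when a role has quietly gained a permission.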

Overall Access Rights of Intune Tiles – Intune Application Policy Manager RBA Controls In MEM Portal

The role can perform some actions in the Manage apps and Configure devices tiles. Access is denied for any activity in the Conditional Access, Device Enrollment, Access control, and Set device compliance tiles.

  1. You are allowed to set up certificate authority in the Configure devices tile. However, you do not have access to view profiles.
  2. You are allowed to view the device information in the Device and Groups tile.
  3. Access is denied to create/delete new or existing groups or user profiles. It doesn’t matter whether the Intune policy manager is editing the groups in SCOPE. In many places, save and add buttons are enabled, but when we try to save, we get an error.
  4. Access is denied to change device and user settings in the Manage user tile.
  5. Access is denied to the Intune Silverlight console.
  6. Access is denied to the Intune App Protection section, and Intune mobile application management is not allowed for Intune App Managers. These app protection options are probably part of the Azure portal’s Intune—Manage Apps tab.

Access Rights – Manage Apps (Manage Apps and Mobile Apps) – Intune Application Policy Manager RBA Controls

You can create new mobile apps and edit mobile apps uploaded by admins. Access is denied to edit the managed apps, which are uploaded automatically.

  1. Access is denied to remove assignments/deployments to a group outside the Intune application manager’s scope.
  2. Access is denied to remove assignments/deployments from a group in the Intune application manager’s scope. This should be allowed!
  3. If the user group is within the scope of the Intune application manager, you can add an assignment to the mobile/manage app.
  4. Access is denied to add an assignment to a mobile/managed app if the user group is outside the Intune application manager’s scope.
  5. The App Protection Policies blade hangs when trying to edit existing or create new app protection policies from the Intune App Manager account.
  6. The app selective wipe option is allowed from the Intune app manager account, but only on in-scope users/devices.
  7. Access is denied to edit Company portal Branding from the Intune app manager account.
Intune Application Policy Manager RBA Controls In MEM Portal | Endpoint Manager Role-Based Access - Fig.2



How to Organize Endpoint Manager Portal Neat Clean for Intune Activities | Microsoft Intune

The MEM portal is a one-stop shop for all the services in the Microsoft cloud. When users log in to the MEM portal for the first time, they see all these services, which are selected as favorite services by default.

The selection of favorite services in the MEM portal for individual users is not based on the user’s profile or access rights of the user. This is not good for new users in the Intune portal. They will struggle to find out their role-related services.

One of our articles is an Intune Admin Portal walkthrough guide. It is one of the first things you have to learn: that post explains what is where in the Intune admin portal (aka Microsoft Intune Admin Center).

Microsoft recently changed its brand name from MEM (Microsoft Endpoint Manager) to Microsoft Intune. For more information, refer to the Top 50 Latest Intune Interview Questions and Answers, and if you are interested, check out the Top 50 Latest SCCM Interview Questions and Answers.

How to Make Your Azure Intune Console Look Better – Video

The video guide on improving the look of your Azure Intune console is really helpful. It explains all the details step by step and provides easy-to-follow tips for making your console more visually appealing and user-friendly.

It’s an excellent resource for anyone who wants to enhance their Intune console’s visual experience and usability, whether they’re new to Intune or already using it.

How to Organize Endpoint Manager Portal Neat Clean for Intune Activities | Microsoft Intune – Video 1

How to Organize Endpoint Manager Portal Neat Clean for Intune Activities

For example, you are an Intune admin and can only access Intune and Azure AD users and groups. But if you log into the MEM portal, you will see loads of services that make no sense. You will also find it messy, and I’m sure you will get lost in the portal until you find the search button or Intune services.

Microsoft Azure Features
  • Create a resource
  • Home
  • Dashboard
  • All services
  • FAVORITES
  • SOL
  • All resources
  • Resource groups
  • App Services
  • Function App
  • SQL databases
  • Azure Cosmos DB
  • Virtual machines
  • Load balancers
  • Storage accounts
  • Virtual networks
  • Microsoft Entra ID
  • Monitor
  • Advisor
  • Microsoft Defender for Cloud
  • Cost Management + Billing
  • Help + support
How to Organize Endpoint Manager Portal Neat Clean for Intune Activities | Microsoft Intune – Table 1
How to Organize Endpoint Manager Portal Neat Clean for Intune Activities | Microsoft Intune - Fig.1

Don’t worry—a very friendly search option is available in the Azure portal. If you are an Intune admin, click on more services and type “Intune” in the search menu. You can see two Intune services: one for Intune (MDM) and the second for Intune App Protection (MAM without enrollment).

How to Organize Endpoint Manager Portal Neat Clean for Intune Activities | Microsoft Intune - Fig.2

To keep your Azure portal well organized, you must spend only 2-3 minutes when logging in for the first time. What do we need to do to get a neatly organized Azure portal? You log in to the Azure portal, click on the More services button, and then remove the services that are not relevant to you.

For example, Intune admins have nothing to do with “Virtual Machines,” so you can remove the Virtual machine service from your favorite menu. This will help you remove the Virtual machine shortcut from the left-side menu of the MEM portal.

How to Organize Endpoint Manager Portal Neat Clean for Intune Activities | Microsoft Intune - Fig.3

End result: a clean and tidy Azure portal for Intune admins. Remove all the services from the favorites except Azure Active Directory, Users and Groups, Intune, and Intune App Protection.

How to Organize Endpoint Manager Portal Neat Clean for Intune Activities | Microsoft Intune - Fig.4



How to Reset MFA Contact Details of Azure AD User

Let’s discuss how to Reset the MFA Contact Details of an Azure AD User. In this post, we will see the different types of users in the Azure Active Directory (Azure AD or AAD) and how to delete a user’s existing contact details and request the user to fill in new contact details.

More details on changing the Azure MFA authentication phone from the MyApps portal: https://www.anoopcnair.com/change-azure-mfa-authentication-phone-myapps/. End users trying to change their own MFA mobile number can use https://aka.ms/MFASetup.

We can easily reset the contact details used for MFA (Multi-Factor Authentication) from the Azure AD portal. This is very useful when the user gets an internal transfer within the organization to another country and wants to change the number.

Also, there are options to “Delete all existing app passwords generated by the selected users” and “Restore multi-factor authentication on all remembered devices”.

Reset MFA Contact Details – MFA Mobile Contact Number Reset from Azure Portal with Admin Access?

Let’s talk about resetting the Multi-Factor Authentication (MFA) contacts of an Azure Active Directory (AD) user. The video below will guide you through the process, showing all the necessary details step by step. It’s a straightforward way to ensure that the MFA contacts for your Azure AD user are updated correctly.

How to Reset MFA Contact Details of Azure AD User – Video 1

As you can see in the picture, there are two types of symbols next to user accounts. Users with external email IDs (such as Gmail) are guest users in Azure AD.

How to Reset MFA Contact Details of Azure AD User - Fig.1

Using the Guest user option, you can temporarily grant external contractors access to your organization’s apps. Internal users with your organization’s email IDs are another type of user.

How to Reset MFA Contact Details of Azure AD User - Fig.2

To access the organization’s resources, guest users should go through a secure onboarding process with MFA (Multi-Factor Authentication). Guest users will receive an invitation mail on the external email ID, and the email subject will be “You’re invited to the {Anoop’s} organization”.

The user has to click on the “Get Started” link from the mail, and they will be guided through the onboarding process with MFA. As you can see in the welcome screen (below picture), you will access the MyApps.microsoft.com portal, where guest users can access internal applications allocated to that user.

How to Reset MFA Contact Details of Azure AD User - Fig.3

So, coming back to the main topic, “How to Reset the MFA Contact Details of an Azure AD User,” this option is available in the Azure portal under Microsoft Azure Active Directory -> Users and groups -> All users. Click on “Multi-Factor Authentication.” In the new tab, you will see the option to reset the AAD user’s contact details.

  • This blade will allow you to reset all app passwords the selected users generate and ask users to perform MFA on all existing devices.
  • Select the user ID and click “Manage user setting” to reset the AAD user’s MFA contacts.
How to Reset the MFA Contact Details of an Azure AD User: Microsoft Azure Active Directory -> Users and groups -> All users -> Multi-Factor Authentication
How to Reset MFA Contact Details of Azure AD User – Table 1
How to Reset MFA Contact Details of Azure AD User - Fig.4

When you click on any user account from the above place (as seen in the above pic), it will take you to the Office 365 licensing portal. So, there is no need to log into the Office portal separately to assign user licenses. This is handy stuff.

How to Reset MFA Contact Details of Azure AD User – Fig.5

Once you click “Manage user settings,” you will see three options:

  • Require selected users to provide contact methods again
  • Delete all existing app passwords generated by the selected users
  • Restore multi-factor authentication on all remembered devices

To reset an Azure AD user’s MFA contact details, tick the first option, “Require selected users to provide contact methods again,” and click Save. The next time the user signs in and is challenged for MFA, AAD will prompt them to register their contact methods again. Because whoever completes that next sign-in gets to register the new methods, pair this with a password reset whenever you suspect the account or its existing methods are compromised, and tick the third option as well so remembered devices cannot skip the challenge.

How to Reset MFA Contact Details of Azure AD User - Fig.6
How to Reset MFA Contact Details of Azure AD User – Fig.6
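The same reset can be scripted against Microsoft Graph instead of clicking through the legacy per-user MFA page. The script below is an added example, not code from the original post or from Microsoft: it deletes every registered authentication method except the password and then revokes the user’s refresh tokens, so existing sessions and remembered devices have to sign in and re-register. It assumes the Microsoft.Graph PowerShell module and an admin granted the scopes requested in the `Connect-MgGraph` call; the UPN at the bottom is a placeholder.

```powershell
# Added example, not code from the original post: reset a user's MFA
# registration with Microsoft Graph PowerShell. Deletes every registered
# authentication method except the password, then revokes refresh tokens so
# sessions and "remembered" devices must re-authenticate and re-register.
# Assumes the Microsoft.Graph module and an admin with the scopes below; the
# UPN used at the bottom is a placeholder.
#Requires -Modules Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Users.Actions

# Graph method type -> the cmdlet that deletes it and the name of its id parameter
$script:MethodRemovers = @{
    '#microsoft.graph.phoneAuthenticationMethod'                   = @{ Cmd = 'Remove-MgUserAuthenticationPhoneMethod';                  IdParam = 'PhoneAuthenticationMethodId' }
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod'  = @{ Cmd = 'Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod'; IdParam = 'MicrosoftAuthenticatorAuthenticationMethodId' }
    '#microsoft.graph.softwareOathAuthenticationMethod'            = @{ Cmd = 'Remove-MgUserAuthenticationSoftwareOathMethod';           IdParam = 'SoftwareOathAuthenticationMethodId' }
    '#microsoft.graph.fido2AuthenticationMethod'                   = @{ Cmd = 'Remove-MgUserAuthenticationFido2Method';                  IdParam = 'Fido2AuthenticationMethodId' }
    '#microsoft.graph.emailAuthenticationMethod'                   = @{ Cmd = 'Remove-MgUserAuthenticationEmailMethod';                  IdParam = 'EmailAuthenticationMethodId' }
    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod' = @{ Cmd = 'Remove-MgUserAuthenticationWindowsHelloForBusinessMethod'; IdParam = 'WindowsHelloForBusinessAuthenticationMethodId' }
}

function Reset-UserMfaRegistration {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $removed = [System.Collections.Generic.List[string]]::new()
    foreach ($method in Get-MgUserAuthenticationMethod -UserId $UserPrincipalName) {
        $type = $method.AdditionalProperties['@odata.type']
        if ($type -eq '#microsoft.graph.passwordAuthenticationMethod') { continue }   # cannot be deleted
        $remover = $script:MethodRemovers[$type]
        if (-not $remover) { Write-Warning "Skipping unhandled method type $type"; continue }
        if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, "Remove $type")) { continue }

        # Splat UserId plus the type-specific id parameter onto the matching Remove-* cmdlet
        $params = @{ UserId = $UserPrincipalName }
        $params[$remover.IdParam] = $method.Id
        & $remover.Cmd @params
        $removed.Add($type)
    }

    # Kill refresh tokens so nothing keeps working on the old registration.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke sign-in sessions')) {
        Revoke-MgUserSignInSession -UserId $UserPrincipalName | Out-Null
    }
    return $removed
}

Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All', 'User.RevokeSessions.All'
# Dry run first: -WhatIf lists what would be removed without touching the user
Reset-UserMfaRegistration -UserPrincipalName 'user@contoso.onmicrosoft.com' -WhatIf
```

Run it with `-WhatIf` first, then without. After the reset the account has no second factor until the user registers one again, so the same caveat as the portal option applies: reset the password at the same time if the account may be compromised, or the next person to sign in with that password registers the new method.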

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.


How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune

A clean Intune environment always gives better deployment results, and one of the important steps to keep your environment clean is explained in this post.

This is not the only way to keep your Intune environment clean. You should also run regular sanity checks on your environment to make sure you don’t have duplicate copies of policies and applications.

Moreover, avoid duplicate deployments of policies and applications. Duplicate policy deployments can cause conflicts and lead to unexpected results.

We SCCM admins are familiar with the process of deleting and removing a device in SCCM and Microsoft Intune. However, we are not always sure whether removing a device from SCCM also removes that device’s record from on-prem Active Directory.

Introduction – How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune

Removing or deleting a device from Active Directory is not SCCM’s responsibility; it has to be handled separately in on-prem Active Directory.

So how are these operations handled in the modern device management world, that is, Intune standalone (or SCCM hybrid) with Azure Active Directory? In most cases I have not seen the device record automatically purged from Azure Active Directory (AAD) when you retire and delete a device from Intune.

  • To get better results from compliance/configuration policies and application deployments in the modern device management world, we should keep the environment clean, including a clean Azure AD.
  • You can get a better understanding of this issue from the video tutorial above.
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Fig.1

How to Delete Clean Tidy Intune Azure Active Directory?

In the example above, the Intune console shows only one device assigned to my user account. If you look at my Azure AD user ID and check the devices registered against my account, there are a total of 3 devices, and all 3 are shown as managed by Intune.

So the data reflected in Azure Active Directory is not accurate. I’m not saying this happens every time; I’ve seen some devices get removed from Intune and AAD automatically.

I suppose we should have better accuracy/sync between the Intune and Azure AD databases. I don’t see a scheduled task in Azure AD that purges records deleted from Microsoft Intune, and I’m not sure whether one is coming in the near future.

To ensure better results from Intune device management policies, when you delete a device from Intune, make sure the device record is also removed from Azure AD. I’m planning to post a video tutorial showing how to delete a device from Azure AD to keep a clean and tidy environment.

Name              Enabled/Disabled   Platform            Trust Type   Is Compliant   Managed by
DESKTOP-LNK7273   Disabled           Windows 10.0.1439   AzureAd      True           Intune
DESKTOP-213GHPA   Enabled            Windows 10.0.1439   AzureAd      True           Intune
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Table 1
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Fig.2
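The mismatch described above (Azure AD device objects still flagged as Intune-managed although Intune no longer has them) can be found and cleaned up with Microsoft Graph PowerShell. The script below is an added example, not code from the original post or from Microsoft: it indexes every Azure AD device ID that Intune still holds a managed device for, lists the Azure AD device objects marked `isManaged` that have no such match and have not signed in recently, and optionally deletes them. It assumes the Microsoft.Graph module and an admin granted `DeviceManagementManagedDevices.Read.All` and `Device.ReadWrite.All`; the 30-day threshold is an assumed safety margin, not a value from the post.

```powershell
# Added example, not code from the original post: find Azure AD device objects
# that claim to be Intune-managed (isManaged) but have no matching Intune
# managed device, and optionally delete them. Assumes the Microsoft.Graph
# module and an admin granted DeviceManagementManagedDevices.Read.All and
# Device.ReadWrite.All. The 30-day threshold is an assumed safety margin.
#Requires -Modules Microsoft.Graph.DeviceManagement, Microsoft.Graph.Identity.DirectoryManagement

function Get-OrphanedIntuneDeviceRecords {
    param([int]$MinDaysSinceSignIn = 30)

    # Index every Azure AD device ID that Intune still has a managed device for.
    $intuneIds = @{}
    foreach ($md in Get-MgDeviceManagementManagedDevice -All -Property AzureAdDeviceId) {
        if ($md.AzureAdDeviceId) { $intuneIds[$md.AzureAdDeviceId] = $true }
    }

    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$MinDaysSinceSignIn)
    Get-MgDevice -All -Property Id,DeviceId,DisplayName,IsManaged,IsCompliant,TrustType,ApproximateLastSignInDateTime |
        Where-Object {
            $_.IsManaged -and
            -not ($_.DeviceId -and $intuneIds.ContainsKey($_.DeviceId)) -and
            # keep recently active devices: a freshly enrolled device can lag in Intune's view
            ($null -eq $_.ApproximateLastSignInDateTime -or $_.ApproximateLastSignInDateTime -lt $cutoff)
        }
}

function Remove-OrphanedIntuneDeviceRecords {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$MinDaysSinceSignIn = 30)

    $removed = 0
    foreach ($dev in Get-OrphanedIntuneDeviceRecords -MinDaysSinceSignIn $MinDaysSinceSignIn) {
        if ($PSCmdlet.ShouldProcess("$($dev.DisplayName) [$($dev.DeviceId)]", 'Delete Azure AD device object')) {
            # Remove-MgDevice's -DeviceId takes the directory object id, not the deviceId GUID
            Remove-MgDevice -DeviceId $dev.Id
            $removed++
        }
    }
    return $removed
}

Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All', 'Device.ReadWrite.All'
Get-OrphanedIntuneDeviceRecords |
    Format-Table DisplayName, DeviceId, TrustType, IsCompliant, ApproximateLastSignInDateTime
# Dry run; drop -WhatIf once the list above looks right
Remove-OrphanedIntuneDeviceRecords -WhatIf
```

Review the list before dropping `-WhatIf`. Two checks worth doing on each candidate first: BitLocker recovery keys are stored on the Azure AD device object and are gone once it is deleted, so export any you still need; and a device that is registered with Windows Autopilot cannot have its Azure AD object deleted until the Autopilot registration is removed.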

Resources

Windows 10 Intune Enrollment Manual Process AAD Registration (anoopcnair.com)

Validate Azure AD Dynamic Group Rules | Intune



How to Sync On-Prem AD Users with Azure AD Intune ConfigMgr

Let’s discuss how to sync on-prem AD users with Azure AD for Intune and ConfigMgr. Using Azure AD Connect, you can sync on-prem AD user identities and attributes, and (with password hash synchronization) password hashes, to Azure AD. Azure AD Connect installation and configuration is very straightforward if you use express settings 🙂.

I have a video tutorial here that helps you understand the AAD Connect configuration, how to enable MFA for Azure AD join of Windows 10 devices, and Twitter app integration with Azure AD.

In this post, I will cover two other Azure AD (AAD) Connect sync topics, plus the video tutorial.

  1. Where is the scheduled task that Azure AD Connect uses to run the sync?
  2. How do you create the service connection point in the on-premises Active Directory?
  3. Video Tutorial – How to Sync On-Prem AD User Accounts with Azure AD

Windows 10 MDM devices can be written back to on-prem AD (device writeback). More details are available here. AAD Connect is mandatory for the device write-back feature for Windows 10 devices.

Earlier versions of Azure AD Connect used a Windows Task Scheduler task to schedule the sync of on-prem objects and attributes. Azure AD Connect 1.1 and later has a built-in scheduler in the sync engine, so you won’t find a scheduled task for AAD Connect anymore.

Index – Table.1
  • How to Sync On-Prem AD Users with Azure AD Intune ConfigMgr
  • How to Sync On-Prem AD Users Accounts With Azure AD

How to Sync On-Prem AD Users with Azure AD Intune ConfigMgr

The new default synchronization frequency is 30 minutes. You can view the current schedule with the PowerShell cmdlet Get-ADSyncScheduler and change it with Set-ADSyncScheduler (for example, -CustomizedSyncCycleInterval), as documented here. Note that AllowedSyncCycleInterval is the minimum Azure AD permits: you can make the cycle longer than 30 minutes, but not shorter.

How to Sync On-Prem AD Users with Azure AD Intune ConfigMgr

PS C:\Users\anoop\Desktop> Get-ADSyncScheduler

AllowedSyncCycleInterval            : 00:30:00
CurrentlyEffectiveSyncCycleInterval : 00:30:00
CustomizedSyncCycleInterval         :
NextSyncCyclePolicyType             : Delta
NextSyncCycleStartTimeInUTC         : 26-05-2016 02:06:23
PurgeRunHistoryInterval             : 7.00:00:00
SyncCycleEnabled                    : True
MaintenanceEnabled                  : True
StagingModeEnabled                  : False
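Beyond reading the schedule, the same ADSync module lets you change the interval and trigger a sync on demand. The script below is an added example, not code from the original post or from Microsoft: it summarises the scheduler state, refuses an interval shorter than the floor Azure AD enforces, and starts a delta sync only when the engine is idle and sync is enabled. It assumes it is run on the Azure AD Connect server, where the ADSync module ships with the product.

```powershell
# Added example, not code from the original post: inspect the Azure AD Connect
# scheduler, lengthen the sync interval safely, and start a delta sync only
# when nothing is already running. Assumes it runs on the Azure AD Connect
# server, where the ADSync module is installed with the product.
Import-Module ADSync

function Get-AADConnectSyncSummary {
    $s = Get-ADSyncScheduler
    [pscustomobject]@{
        SyncEnabled       = $s.SyncCycleEnabled
        StagingMode       = $s.StagingModeEnabled
        MinimumInterval   = $s.AllowedSyncCycleInterval
        EffectiveInterval = $s.CurrentlyEffectiveSyncCycleInterval
        NextRunUtc        = $s.NextSyncCycleStartTimeInUTC
        NextPolicy        = $s.NextSyncCyclePolicyType
        # Get-ADSyncConnectorRunStatus returns nothing while the engine is idle
        SyncInProgress    = @(Get-ADSyncConnectorRunStatus).Count -gt 0
    }
}

function Set-AADConnectSyncInterval {
    param([Parameter(Mandatory)][timespan]$Interval)
    $s = Get-ADSyncScheduler
    # Azure AD sets the floor (AllowedSyncCycleInterval, normally 30 minutes).
    # A shorter value is ignored by the scheduler, so refuse it explicitly.
    if ($Interval -lt $s.AllowedSyncCycleInterval) {
        throw "Requested interval $Interval is below the allowed minimum $($s.AllowedSyncCycleInterval)"
    }
    Set-ADSyncScheduler -CustomizedSyncCycleInterval $Interval
    return (Get-ADSyncScheduler).CurrentlyEffectiveSyncCycleInterval
}

function Start-AADConnectDeltaSync {
    $summary = Get-AADConnectSyncSummary
    if (-not $summary.SyncEnabled) {
        Write-Warning 'Sync cycle is disabled; enable it with Set-ADSyncScheduler -SyncCycleEnabled $true'
        return $false
    }
    if ($summary.StagingMode) {
        # Staging servers import and synchronize but never export to Azure AD
        Write-Warning 'Server is in staging mode: nothing will be exported to Azure AD'
    }
    if ($summary.SyncInProgress) {
        Write-Warning 'A sync cycle is already running; not starting another'
        return $false
    }
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    return $true
}

Get-AADConnectSyncSummary | Format-List
# Example: lengthen the cycle to one hour (anything below 30 minutes is rejected)
Set-AADConnectSyncInterval -Interval ([timespan]'01:00:00')
Start-AADConnectDeltaSync
```

The staging-mode warning matters when you have more than one Azure AD Connect server: only the active one exports, so a delta sync on a staging server will look successful but change nothing in Azure AD.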

I had trouble creating the service connection point in the on-premises Active Directory. This service connection point is used to “Connect domain-joined devices to Azure AD for Windows 10 experiences.” I followed the documentation to configure the service connection point in on-premises AD but got stuck with the PowerShell commands: I ran them as documented, but with no luck.

After that, I installed the appropriate version of the Windows Azure Active Directory Module for Windows PowerShell (MSOnline). Then I ran the following PowerShell commands, which worked like a champ!

How to Sync On-Prem AD Users with Azure AD Intune ConfigMgr
PS C:\Users\anoop\Desktop> Connect-MsolService

PS C:\Users\anoop\Desktop> Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"

PS C:\Users\anoop\Desktop> Initialize-ADSyncDomainJoinedComputerSync

cmdlet Initialize-ADSyncDomainJoinedComputerSync at command pipeline position 1
Supply values for the following parameters:
AdConnectorAccount: nair\Anoop
AzureADCredentials
Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD.
Configuration Complete
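Once Initialize-ADSyncDomainJoinedComputerSync has run, it is worth reading the service connection point back out of AD and confirming it names the tenant you intended, because every domain-joined Windows 10 device in the forest will register with whatever tenant the SCP advertises. The script below is an added example, not code from the original post or from Microsoft: it reads the SCP object from the configuration partition, parses its keywords, and compares them with an expected tenant name and ID. It assumes the ActiveDirectory RSAT module; the tenant values at the bottom are placeholders.

```powershell
# Added example, not code from the original post: read back the device
# registration service connection point (SCP) that
# Initialize-ADSyncDomainJoinedComputerSync creates and check that it names the
# expected tenant. Assumes the ActiveDirectory RSAT module; the tenant name
# and ID used at the bottom are placeholders.
Import-Module ActiveDirectory

function Get-AzureADJoinScp {
    $configNc = (Get-ADRootDSE).configurationNamingContext
    # Fixed, Microsoft-defined GUID of the device registration SCP
    $dn = "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNc"
    try {
        $scp = Get-ADObject -Identity $dn -Properties keywords
    } catch {
        return $null   # not created yet: Initialize-ADSyncDomainJoinedComputerSync has not run
    }
    # keywords look like "azureADName:contoso.com" and "azureADId:<tenant guid>"
    $kv = @{}
    foreach ($keyword in $scp.keywords) {
        $name, $value = $keyword -split ':', 2
        $kv[$name] = $value
    }
    [pscustomobject]@{
        DistinguishedName = $scp.DistinguishedName
        TenantName        = $kv['azureADName']
        TenantId          = $kv['azureADId']
    }
}

function Test-AzureADJoinScp {
    param(
        [Parameter(Mandatory)][string]$ExpectedTenantName,
        [Parameter(Mandatory)][guid]$ExpectedTenantId
    )
    $scp = Get-AzureADJoinScp
    if (-not $scp) {
        Write-Warning 'No device registration SCP found in the configuration partition'
        return $false
    }
    # -eq on strings is case-insensitive in PowerShell, which suits both values
    $ok = ($scp.TenantName -eq $ExpectedTenantName) -and ($scp.TenantId -eq $ExpectedTenantId.ToString())
    if (-not $ok) {
        Write-Warning "SCP advertises tenant '$($scp.TenantName)' ($($scp.TenantId)), not the expected one"
    }
    return $ok
}

Get-AzureADJoinScp
Test-AzureADJoinScp -ExpectedTenantName 'contoso.onmicrosoft.com' -ExpectedTenantId '00000000-0000-0000-0000-000000000000'
```

The SCP lives in the configuration partition, which Enterprise Admins can write, so this check is also a cheap way to notice if someone has repointed your forest’s device registration at a tenant you do not control.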

How to Sync On-Prem AD Users Accounts With Azure AD

This video helps you understand the AAD Connect configuration, how to enable MFA for Azure AD join of Windows 10 devices, and how to integrate the Twitter app with Azure AD.

I’ve already downloaded and installed the AAD Connect tool, and in the video I show how to configure it and start syncing. The video also covers:

  • How to enable MFA for AAD-joined machines
  • How to integrate Twitter with Azure AD to get SSO
