Azure CSP Subscription Migration Guidance

Last month I spend some time on migrating an Azure PAYG subscription to an Azure CSP subscription. It seems like moving around some resources between resource groups is not that complex but I ran into some issues during the move which made me write down this post.

Before we start with the actual migration you should first draft a plan based on the different type of resources in you Azure subscription. I have used the following approach:

Scan

In this step we collect all the information of the current subscription. You can use the following tools and steps to get the information:

  1. Use the Azure CSP Migration Assessment tool. This will give you a good overview of which resources can be migrated, which require some extra action and which cannot be moved. The output is something similar to this:

Read more…

Automated user provisioning for Azure AD

Identity management is one of the most important topics in the cloud and security area. Obviously, the best way to create user accounts and groups in a directory is by using an automatic workflow / connection. This should be sourced from a Identity Management system or a HR system directly. Especially on this last topic, Microsoft is working closely together with Workday which you definitely should check out. Also, one of the most common ways to extend your accounts and groups to a Cloud world is by using Azure AD Connect. Azure AD Connect synchronizes the objects, which are located in the local AD, to Azure AD which is ideal for a hybrid situation. All tough I have come across a couple of mid-size businesses which do not have these kind of infrastructure in place and/or do not want to invest in an automatic workflow to provision Azure AD. For these smaller companies we have developed an User Management application which is now published as open source on GitHub. In this post I will go over the details on how to automate the user provisioning for Azure AD by using this User Management application and what technology is being used on the background. … Read more…

SSO: Azure AD & Confluence

In this Single Sign On “how to” guide we will look into the steps to integrate Confluence and Azure AD.

Specifically, this blog covers the custom installation of Confluence server. The Atlassian SaaS SSO configuration, which does also include Confluence, is covered in a Microsoft blog.

Pre-requisites

This guide is compatible with Confluence server version 5.5 or higher. Next you need to make the following preparations:

Confluence

Azure AD

  • Credentials of an Azure AD Global Admin account.
  • Create an Azure AD group to control access.
  • Create an Azure AD test user.

Read more…

Integrate non-Azure AD gallery applications

Since the launch of the Azure AD administration console in the new Azure AD portal you need to know a couple of things to setup a Single Sign On configuration for an application which is not listed in the Azure AD gallery. This blog describes the steps to integrate non-Azure AD gallery applications.

The first step is to open the Azure AD administration console in the Azure portal and select the Enterprise applications: … Read more…

SSO: Azure AD & Dynamics Navision

Just another post in this blog series on how to setup Single Sign On with Azure Active Directory. This time: Dynamics Navision.

Microsoft offers some guidance on how to configure Single Sign On for Dynamics Navision but in my experience, it requires some investigation to set things up. Especially if you want to automate things for later use. Which is why I’m writing this post.

Pre-requisites

This guide can be used for the Dynamics Navision 2016 or 2017 version. Before you start with the installation please make sure the following pre-requisites are met:

Navision server(s)

Azure AD

  • Credentials of an Azure AD Global Admin account.
  • Create an Azure AD group to control access.
  • Create an Azure AD test user.

Read more…