Using Azure Storage Account to publish Enterprise Mode List

When migrating your environment to Windows 10, you will also be introduced to Edge. I like Edge, don’t get me wrong, but that’s not always the case with your old web applications.

The rescue squad in this case is something called Enterprise Mode:
https://technet.microsoft.com/en-us/itpro/microsoft-edge/emie-to-improve-compatibility

Configuring the Enterprise Mode list is quite straightforward when using the Enterprise Mode Site List Manager, so I won’t cover that one in this post.

The next step after getting the configuration right is to make it available for all clients, and what’s better than a serverless infrastructure to handle that part?

In this case I’ve chosen to host the file in an Azure Storage Account, which makes it highly available with a decent SLA, and it’s really fast to get started if you have an Azure Subscription.

  1. Start by creating an Azure Storage Account in a datacenter near you.
  2. Create a container, and set the Access type to Blob.
  3. Upload your generated XML file.

There is just one caveat that I want to highlight: the Cache-Control of your blob. If you leave it as it is, the file will be cached on the client and it takes time to get a new configuration rolled out.

Luckily, solving it is simple. Open Microsoft Azure Storage Explorer, browse to the file you have uploaded, and edit the Properties. In the CacheControl field, add “public, no-cache”, and click Save.


This ensures that the file isn’t cached on the client, and is therefore also updated fast when you change it. For details on how to configure the perfect CacheControl for your environment, have a look at the following document: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
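A scripted version of the upload and Cache-Control fix above, as an added example that is not from the original post. It assumes the Az PowerShell module, a storage account and container that already exist (steps 1 and 2), and placeholder names for the resource group, account, container and file.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the post.
$ResourceGroup = 'rg-emie-example'
$AccountName   = 'emieexample001'
$Container     = 'sitelist'      # container created with Access type "Blob"
$LocalFile     = '.\sites.xml'   # XML exported from Enterprise Mode Site List Manager
$BlobName      = 'sites.xml'
$Wanted        = 'public, no-cache'

# Requires a signed-in session (Connect-AzAccount) and the Az.Storage module.
$ctx = (Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $AccountName).Context

# Upload (or overwrite) the site list and set the HTTP headers stored with the blob.
Set-AzStorageBlobContent -File $LocalFile -Container $Container -Blob $BlobName `
    -Context $ctx -Force `
    -Properties @{ CacheControl = $Wanted; ContentType = 'text/xml' } | Out-Null

# Access type "Blob" allows anonymous reads, so fetch the headers without
# credentials, the same way a client does, and check what is actually served.
$url  = "https://${AccountName}.blob.core.windows.net/${Container}/${BlobName}"
$resp = Invoke-WebRequest -Uri $url -Method Head -UseBasicParsing
$got  = @($resp.Headers['Cache-Control']) -join ', '

if ($got -ne $Wanted) {
    throw "Cache-Control on $url is '$got', expected '$Wanted'"
}
"OK: $url is served with Cache-Control: $got"
```

Running the header check after every site list update confirms that clients revalidate the file instead of reusing a cached copy.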

 

Finding your BitLocker Recovery Key in Azure AD

When you Azure AD join your device and activate BitLocker, you get the option to store the Recovery Key in Azure AD.

If you ever wonder where to find them, they are all available from the Details Window for your registered devices in the Azure AD Management Portal.

A few easy steps to get there:

  1. Open Azure AD in the Management Portal
    https://manage.windowsazure.com
  2. Open the Users tab and search/browse for the account you need to find the recovery key for, then open it.
  3. Go to the Devices tab, and in the View box, select Devices.
  4. Select the affected device, and click View Details.
    All registered keys should be visible.

 

 

 

Joining objects in MIM when you have to calculate the matching attributes

Had a case the other day where we were unable to get a unique identifier from the different source systems, and all of these were to enter the same Windows AD.

The case

We have multiple countries, each with the same HR system (same system, but different databases). In all countries’ databases, the employee number started at 10001. To solve this, we chose to prefix the employee number upon import. This isn’t a big deal, but it’s a bit more tricky when we need to make sure that a join is successful.

Solution

Not that tricky, but it takes time if you don’t know where to start, right?

As we have chosen to use Employee ID as the linked attribute, we decided to use this attribute for joining also. Why make it more complicated than we need to?

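To begin, create a Management Agent Extension, and add the following Join rules there:

// Requires: using System; using Microsoft.MetadirectoryServices;
void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
{
    switch (FlowRuleName)
    {
        case "JoinEmployeeID":
            // The attribute must be present AND non-empty before we build a join value.
            if (csentry["employeeID"].IsPresent && csentry["employeeID"].StringValue != "")
            {
                // Apply the same prefix that is added on import ("NO" here),
                // so the value matches employeeID in the metaverse.
                String employeeIdWithPrefix = "NO" + csentry["employeeID"].StringValue;
                values.Add(employeeIdWithPrefix);
            }
            else
            {
                // Fail the join instead of matching on a bare prefix.
                throw new Exception("EmployeeID can't be blank!");
            }
            break;
        default:
            throw new EntryPointNotImplementedException();
    }
}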

Then configure the following join rules on the Management Agent:

| Data Source Object Type | Join | Project | Comment |
|---|---|---|---|
| Person | Yes | Yes | |

| Mapping Group | Action | Metaverse Object Type | Resolution |
|---|---|---|---|
| 1 | Join | Person | No |

| Data Source Attribute | Mapping Type | Metaverse Attribute | Comment |
|---|---|---|---|
| employeeID | Rules Extension – JoinEmployeeID | employeeID | See join extension rule |

Use rules extension to resolve: False

Thanks, and hope this could help someone else also 🙂

You don’t have to be a developer to follow //Build

It’s just a few hours till //Build Keynote, and the hottest developer conference in 2016 kicks off. But how about us IT Pros?

After skimming over the agenda, I see that not all of them are just for hardcore developers. There are actually quite a few sessions that at least I find extra interesting. Below you can see the sessions I will be following. Not all will be live, but hopefully most of them will be available on demand later on 🙂

For a complete list of all Channel9 live sessions, check this filter at channel9.msdn.com
https://channel9.msdn.com/Events/Build/2016?y=Channel%209%20Live

Join me in watching these videos, and let’s prepare for Ignite 2016 later this year 🙂