Home » Archives for 2019

Year: 2019

Azure AD and SQL Server Authentication

If you use Azure SQL Server and you care about security, then it definitely makes sense to give users access via their Azure Active Directory account. Azure AD supports multi-factor authentication, identity protection and a lot of other security features which makes it much more secure than using a connection string.

Admin Access

The first thing to configure is the Admin access via Azure AD. That’s easily doable via the Azure Portal:

  1. Navigate to your Azure SQL Server (not the Database!)
  2. Open the Active Directory Admin settings:
  3. Go to Set Admin and configure your user. I suggest to configure a group as it gives you more flexibility

Read more

Change device owner of an Azure AD joined device

If you join devices to Azure AD, then you can see that each device has an owner. The owner is the user who joined the device to the Azure AD which is sometimes the account of the administrator. That’s why one probably wants to change the owner which is unfortunately not possible via the Azure portal. But, as usual, you can easily do it via PowerShell.

The main commands you need are:

Get-AzureADDevice   # returns all device
Get-AzureADUser     # returns all users

# add new device owner
Add-AzureADDeviceRegisteredOwner -ObjectId [DeviceObjectId] -RefObjectId [NewOwnerObjectId]
#remove previous device owner
Remove-AzureADDeviceRegisteredOwner -ObjectId [DeviceObjectId] -OwnerId [PreviousOwnerObjectId]

I created a simple script which has device name and new owner as input and simply does the job:

Read more

Office 365 – Forward all mails sent to a (sub)domain

There are many reasons why someone wants to forward all incoming mails from a domain to a specific address. One use case is by sure testing. If you test an application, then you probably need a lot of mail addresses. To avoid creating all the mail addresses, you could use tools like postfix for it. But it also requires some setup and configuration.
I am Office 365 user and I love it and by sure, I want to solve this issue with Office 365. I tried it and it took some time, but then I found the right setup.

So, what I want to achieve is simple:
All mails sent to @tst.axr.at should be forwarded to a shared mailbox, where all testers have access (or to specific address).

Sounds simple and you can easily configure it in Office 365, but there are a few pitfalls, that’s why I created this blog post. So let’s go through it step by step.

Read more