AD

Azure AD B2B

Azure AD B2B has been a lifesaver for me, in giving external clients access to SharePoint Online portals.

There’s a great TechNet article on how it works and how to do it, as well as a great Channel 9 video demoing how it works if you want to dive deeper, but here’s an overview:

Azure AD B2B lets you invite external people via their email address, to use your Azure resources. For me, that’s SharePoint Online, but you can grant access to other Azure resources too.

The process is really simple – you need to fill out a very basic CSV file with each person’s email address and full name, along with a few basic details such as the site you want them to be redirected to, and an ID of the resource you’re granting access to.

The best part is that the people you’re inviting don’t need their own Azure AD instance. If they have one, they just get invited to your instance with the set permissions. If they don’t, Microsoft sets up a pseudo-Azure AD on the fly for the domain their email address is on, and again they get invited to your instance.

This method eliminates the need for extensive account management; all you have to worry about is inviting them and giving them the permissions they need (which I do via group membership). They can do password resets themselves, with a code sent to their email address as part of the reset process.

On top of this, there’s no licensing required, which means that if you are already covered for SharePoint Online through your Office 365 sub, this is a very cheap way to build customer-facing portals for sharing information that are locked down and hosted in the HA environment of Office 365.

I was surprised at how simple it was to invite, and even from the end user’s perspective of receiving the invitation – the process is very easy.

At the time of writing, Azure AD B2B is in public preview and may have a few bugs.

Azure AD Connect 1.1.105.0

Today a new version of Azure AD Connect was released – v1.1.105.0 (even though the site says 2/16/2016, it wasn’t there yesterday!)

The download link is here: https://www.microsoft.com/en-us/download/details.aspx?id=47594

If you want a reminder on what Azure AD Connect is, Microsoft have a great article here. It replaced DirSync and AADSync.

It’s worth the upgrade. Full release notes are here, but the big change in my opinion is:

New preview features:

  • The new default sync cycle interval is 30 minutes. Used to be 3 hours for all earlier releases. Adds support to change the scheduler behavior.

Waiting 30 minutes for a change to sync (this doesn’t include passwords) is much nicer than waiting 3 hours.

Note that this used to be controlled from a scheduled task in DirSync and AADSync, but now runs as the Microsoft Azure AD Sync service. If you want to check that your sync has now changed to 30 minutes, run the PowerShell command “Get-ADSyncScheduler” and you should see the values of AllowedSyncCycleInterval and CurrentlyEffectiveSyncCycleInterval both as 30 minutes.
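The check described above can be scripted so it flags anything that keeps the 30-minute cycle from actually applying. This is an added example, not code from the original post: the function name Test-ADSyncSchedulerInterval is hypothetical, and the sample object is constructed so the script also runs on a machine without Azure AD Connect.

```powershell
# Added example (not from the original post). Test-ADSyncSchedulerInterval is a
# hypothetical helper name; the properties it reads are Get-ADSyncScheduler output.
function Test-ADSyncSchedulerInterval {
    param(
        [Parameter(Mandatory)] $Scheduler,
        [TimeSpan] $Expected = [TimeSpan]::FromMinutes(30)
    )
    $findings = New-Object System.Collections.Generic.List[string]

    foreach ($name in 'AllowedSyncCycleInterval', 'CurrentlyEffectiveSyncCycleInterval') {
        # Cast so the check works on live TimeSpan values and on "hh:mm:ss" strings.
        $actual = [TimeSpan] $Scheduler.$name
        if ($actual -ne $Expected) {
            $findings.Add("$name is $actual, expected $Expected")
        }
    }
    # A customized interval replaces the default, so report it explicitly.
    if ($Scheduler.CustomizedSyncCycleInterval) {
        $findings.Add("CustomizedSyncCycleInterval is set to $($Scheduler.CustomizedSyncCycleInterval)")
    }
    # The interval means nothing if the scheduler is off or the server only stages.
    if (-not $Scheduler.SyncCycleEnabled) {
        $findings.Add('SyncCycleEnabled is False: no scheduled sync cycles will run')
    }
    if ($Scheduler.StagingModeEnabled) {
        $findings.Add('StagingModeEnabled is True: this server does not export changes')
    }

    [pscustomobject]@{ Healthy = ($findings.Count -eq 0); Findings = $findings.ToArray() }
}

if (Get-Command Get-ADSyncScheduler -ErrorAction SilentlyContinue) {
    $scheduler = Get-ADSyncScheduler          # live values on the sync server
} else {
    # Constructed sample: a server where someone set a 3-hour custom interval.
    $scheduler = [pscustomobject]@{
        AllowedSyncCycleInterval            = '00:30:00'
        CurrentlyEffectiveSyncCycleInterval = '03:00:00'
        CustomizedSyncCycleInterval         = '03:00:00'
        SyncCycleEnabled                    = $true
        StagingModeEnabled                  = $false
    }
}

$result = Test-ADSyncSchedulerInterval -Scheduler $scheduler
$result.Findings
"Healthy: $($result.Healthy)"
```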

If you’ve already got the connector installed, it will just install over the top using your existing settings. It just requires re-entry of your Azure AD credentials for syncing, and took me about two minutes to run.

Success!

Update: 1st March 2016

Due to a bug with the time, version 1.1.110.0 has been released. Please use that instead of 1.1.105.0.