Microsoft Previews Azure Active Directory Certificate Support for Android and iOS Office 365 Apps

Microsoft announced two new Azure Active Directory previews this week.

It released a preview of certificate support for Android- and iOS-based Office 365 applications. Additionally, there's a preview of Azure AD Connect Health for managing AD Domain Services.

Certificate Support Preview
The new preview of certificate support for Android and iOS devices running Office 365 applications adds to existing Windows device support. The idea of enabling such certificate support is to permit access to applications without requiring passwords, according to Microsoft's announcement.

Organizations need to be using a federation server in their premises-based computing environments to tap the Android and iOS certificate support. This preview supports Office applications (Excel, OneNote, PowerPoint and Word) on Android devices, as well as OneDrive, Outlook and Skype for Business Office 365 applications.

On the iOS side, the preview supports all of those Office 365 applications except for Outlook and Skype for Business. Support for those apps will be "coming soon," the announcement indicated.

In addition, the preview adds certificate support for Android and iOS devices that use Exchange ActiveSync-based mobile applications. It permits "authentication to Exchange Online, for both managed and federated Azure AD domains," Microsoft's announcement explained.

Using the previews involves meeting the requirements listed in Microsoft's announcement. In addition, client devices must run certain Android operating system versions, such as "Lollipop" or greater.

On the iOS side, the operating system must be version 9.0 or greater. An "Azure Authenticator app" also needs to be installed on iOS devices to tap the preview.

IT pros also have to prepare their certificate authorities in Azure AD to use the preview, which involves running a bunch of PowerShell cmdlets. A federation server also needs to be set up.

Organizations will need to use Active Directory Federation Server 2012 R2 or higher to enable this certificate authentication, according to a blog post by Samuel Devasahayam, a principal lead program manager for Active Directory. Alternatively, a third-party "IDP [identity provider] that supports certificate authentication" can be used. The latest "modern authentication libraries" for the Office apps need to be used, too, but they don't all have support yet, he added. Devasahayam offered lots of caveats, as well as configuration tips, in his post.

Azure AD Connect Health Preview
Last year, Microsoft released its Azure AD Connect Health tool as a commercial product. Azure AD Connect Health comes with Azure AD Premium subscriptions and is used to monitor infrastructure components. However, this week Microsoft is previewing a new capability in that tool to monitor Active Directory Domain Services.

The preview lets IT pros get alerts via e-mail when their domain controllers are in an unhealthy state. It provides a dashboard view of domain controller health, along with performance graphics. Microsoft added 13 "popular" performance indicators into the preview. Examples include "LDAP bind time," "LDAP searches per second," and "NTLM authentications per second." The indicators can be added to a custom dashboard, if wanted.

There's also a dashboard view to check whether domain controller replication succeeded. It includes a remediation button to address replication failures. In addition, organizations have role-based access control over who can manage Azure AD Domain Services with the preview.

Organizations can use the preview by installing an agent on the domain controllers that need to be monitored. Microsoft describes the steps to take to use the new preview capability in this Channel 9 video.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

