Comments for Azure AD Stuff https://stephanwaelde.com Mon, 02 Aug 2021 08:09:56 +0000 hourly 1 http://wordpress.com/ Comment on The Primary Refresh Token: mostly strong by Dr. Nestori Syynimaa (@DrAzureAD) https://stephanwaelde.com/2021/08/02/the-primary-refresh-token-mostly-strong/#comment-541 Mon, 02 Aug 2021 08:09:56 +0000 http://stephanwaelde.com/?p=963#comment-541 Great article Stefan!
You asked about is there any way to remove MFA claim. Yes there is as the authentication method can be edited (at least by admins). Setting it to pwd will remove the MFA claim: https://o365blog.com/post/prt/#prt-and-mfa-claims

]]> Comment on Azure AD Join Single Sign-on: follow the key by Stephan Wälde https://stephanwaelde.com/2020/02/24/azure-ad-join-single-sign-on-follow-the-key/#comment-518 Thu, 13 May 2021 06:04:38 +0000 http://stephanwaelde.com/?p=812#comment-518 In reply to chrisyue007.

Public facing is not necessary. An internal CRL distribution point sill suffice. This is because we are talking about a scenario where a line of sight to domain controllers is required anyway; and line of sight to domain controllers implies that an internal CRL distribution point should be reachable.

]]> Comment on Azure AD Join Single Sign-on: follow the key by chrisyue007 https://stephanwaelde.com/2020/02/24/azure-ad-join-single-sign-on-follow-the-key/#comment-510 Fri, 02 Apr 2021 20:05:38 +0000 http://stephanwaelde.com/?p=812#comment-510 Great article!
Regarding the CRL distribution point via HTTP, does this need to be on a public facing web server or will a LAN bound setup work?

]]>