[CompartiMOSS]: A new issue is out and we are up to number 53!

Once again, from the CompartiMOSS team, and thanks to the fundamental support of our authors and readers, we are delighted to announce that a new issue of the magazine has just been published:

https://www.compartimoss.com/revistas/numero-53/

As always, in this new issue you will find very interesting, highly detailed articles, so we encourage you to visit our site and not miss the chance to learn something new.

Microsoft 365: Support for groups and Teams in Azure AD dynamic groups!

Although many of you will already have read about it, I want to echo the support for groups and Teams in Azure AD dynamic groups. This feature, currently in preview, gives us in practice the long-awaited nested-group functionality: a dynamic group's membership rule can now reference the members of other groups (the memberOf rule). For all the details and possibilities, and to try it out yourself, I recommend this article by my colleague Tony Redmond on the Office 365 for IT Pros site:

https://office365itpros.com/2022/06/08/dynamic-azure-ad-group-members/
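As an added example (this is not code from the post or from Tony Redmond's article), here is how such a memberOf rule would be created with the Microsoft Graph PowerShell module. The source group IDs, the display name and the mail nickname are placeholders; the rule syntax is the one documented for the preview.

```powershell
# Added example (not from the original post): create a security group whose
# members are the users who belong to two existing groups, using the preview
# memberOf dynamic-membership rule. Requires the Microsoft.Graph module;
# the group IDs and names below are placeholders for your own tenant.

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Object IDs (not display names) of the groups whose members should be pulled in.
$sourceGroupIds = @(
    '00000000-0000-0000-0000-000000000001',   # placeholder: e.g. "Engineering - Madrid"
    '00000000-0000-0000-0000-000000000002'    # placeholder: e.g. "Engineering - Lisbon"
)

function New-MemberOfRule {
    param([Parameter(Mandatory)][string[]]$GroupIds)
    # Each ID is single-quoted and comma-separated inside the -in [...] list.
    $quoted = ($GroupIds | ForEach-Object { "'$_'" }) -join ', '
    return "user.memberof -any (group.objectId -in [$quoted])"
}

$rule = New-MemberOfRule -GroupIds $sourceGroupIds

# Dynamic membership is requested through GroupTypes plus the rule; "On" starts evaluation.
$group = New-MgGroup -DisplayName 'All Engineering (nested)' `
    -MailEnabled:$false -MailNickname 'all-engineering-nested' -SecurityEnabled `
    -GroupTypes @('DynamicMembership') `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'

"Created group $($group.Id) with rule: $($group.MembershipRule)"
```

Note that membership is evaluated by Azure AD asynchronously, so the new group is empty until the first processing pass completes. The preview documentation also lists limits on memberOf rules (for example, a cap on the number of groups one rule may reference and no mixing of memberOf with other rule operators), so check the current article before building access control on top of it.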

Microsoft 365: Custom roles for application management!

This time I am sharing a more-than-interesting new feature for managing applications in Azure AD: support for custom roles. All the details of this feature can be found at the following link:

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-rbac-custom-roles-for-app-management-now-available/ba-p/3185206

With this new functionality, Azure AD enables granular, least-privilege application-management scenarios: a custom role grants only the application permissions an administrator actually needs, and the assignment can be scoped to the whole directory or to a single application object instead of handing out Application Administrator.
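As an added example (not code from the post or from the linked Microsoft article), this defines a custom role that can only rotate credentials of app registrations and assigns it scoped to one app registration with the Microsoft Graph PowerShell module. The role name, the principal ID and the app object ID are placeholders; the two permission names are taken from the Azure AD app-registration permission list, and the exact set your role needs should be checked against the current documentation.

```powershell
# Added example (not from the original post): least-privilege custom role for
# rotating app-registration credentials, assigned at the scope of one app.
# Requires the Microsoft.Graph module; the principal and app IDs are placeholders.

Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory'

# Permission names from the Azure AD app-registration permission list.
# Deliberately omitted: owners/update, basic/update, delete and anything on servicePrincipals.
$allowedActions = @(
    'microsoft.directory/applications/standard/read',      # read the app's basic properties
    'microsoft.directory/applications/credentials/update'  # add/remove client secrets and certificates
)

$role = New-MgRoleManagementDirectoryRoleDefinition `
    -DisplayName 'App Credential Rotator' `
    -Description 'Can rotate secrets and certificates of app registrations; nothing else.' `
    -IsEnabled:$true `
    -RolePermissions @(@{ AllowedResourceActions = $allowedActions })

# Placeholders: the principal (user/group/SP) and the app registration OBJECT id (not its appId).
$principalId = '00000000-0000-0000-0000-000000000001'
$appObjectId = '00000000-0000-0000-0000-000000000002'

# DirectoryScopeId '/' would mean tenant-wide; '/<objectId>' confines the role to that one app.
$assignment = New-MgRoleManagementDirectoryRoleAssignment `
    -RoleDefinitionId $role.Id `
    -PrincipalId $principalId `
    -DirectoryScopeId "/$appObjectId"

"Role $($role.Id) assigned to $principalId, scoped to app $appObjectId (assignment $($assignment.Id))"
```

The security point is the scope: with `DirectoryScopeId "/$appObjectId"` the assignee can rotate that one app's credentials and nothing else, whereas a built-in role such as Application Administrator covers every application in the tenant.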

Microsoft 365: Public Preview of Multi-tenant Sync support with Azure AD Connect!

Undoubtedly, the public preview of multi-tenant sync support in Azure AD Connect is one of the biggest pieces of news we had been waiting for. This feature makes it possible to synchronize the same on-premises AD object to multiple Azure AD tenants through Azure AD Connect. You can find all the details at the following URL:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

The full details of what is supported in this scenario, as listed in that documentation, are the following:

  • AADConnect can synchronize the same users, groups, and contacts from a single Active Directory to multiple Azure AD tenants. These tenants can be in different Azure environments, such as the Azure China environment or the Azure Government environment, but they could also be in the same Azure environment, such as two tenants that are both in Azure Commercial.

  • The same Source Anchor can be used for a single object in separate tenants (but not for multiple objects in the same tenant)

  • You will need to deploy an AADConnect server for every Azure AD tenant you want to synchronize to – one AADConnect server cannot synchronize to more than one Azure AD tenant.

  • It is supported to have different sync scopes and different sync rules for different tenants.

  • Only one Azure AD tenant sync can be configured to write back to Active Directory for the same object. This includes device and group writeback as well as Hybrid Exchange configurations – these features can only be configured in one tenant. The only exception here is Password Writeback – see below.

  • It is supported to configure Password Hash Sync from Active Directory to multiple Azure AD tenants for the same user object. If Password Hash Sync is enabled for a tenant, then Password Writeback may be enabled as well, and this can be done on multiple tenants: if the password is changed on one tenant, then password writeback will update it in Active Directory, and Password Hash Sync will update the password in the other tenants.

  • It is not supported to use the same custom domain name in more than one Azure AD tenant, with one exception: it is supported to use a custom domain name in the Azure Commercial environment and use that same domain name in the Azure GCCH environment. Note that the custom domain name MUST exist in Commercial before it can be verified in the GCCH environment.

  • It is not supported to configure hybrid experiences such as Seamless SSO and Hybrid Azure AD Join on more than one tenant. Doing so would overwrite the configuration of the other tenant and would make it unusable.

  • You can synchronize device objects to more than one tenant but only one tenant can be configured to trust a device.

  • Each Azure AD Connect instance should be running on a domain-joined machine.

Microsoft 365: Multi-tenant Sync with Azure AD Connect in Public Preview!

Without a doubt, it is great news that we can finally synchronize a single on-premises AD with several Azure AD tenants, now that Azure AD Connect supports this scenario. It is currently in Public Preview, as you can see in the corresponding documentation:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

The list of exactly what is supported is the same one reproduced in the English version of this post above: one Azure AD Connect server per target tenant, the same Source Anchor reusable for one object across tenants, writeback and hybrid features such as Seamless SSO and Hybrid Azure AD Join configured in only one tenant, and Password Hash Sync (with Password Writeback) allowed on several tenants.

Microsoft 365: How to check if a device is joined to Azure AD(I)!

Quick tip that I have found quite useful both to check whether a device is already joined to Azure AD and, when something is wrong, to unjoin it from Azure AD. To check whether a device is joined to Azure AD, we can use the DsRegCmd tool in the following way:

DsRegCmd /status

To unjoin a device from Azure AD, we use DsRegCmd in the following way, from an elevated prompt (for a hybrid Azure AD joined device the command has to run in the SYSTEM context, for example through PsExec -s, or the leave will not take effect):

dsregcmd /debug /leave

The output of the first command looks like the following (the fields to look at are AzureAdJoined, DomainJoined and, under SSO State, AzureAdPrt, which tells you whether the user actually has a Primary Refresh Token):

[screenshot of dsregcmd /status output]
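As an added example (not code from the original post), here is a small PowerShell parser for the dsregcmd /status output that turns the "Key : Value" lines into a join-state summary, so the check can be scripted across many machines instead of read from a screenshot. It runs dsregcmd live when no input is given; the constructed sample below (abbreviated, with placeholder GUIDs) lets you exercise it offline.

```powershell
# Added example (not from the original post): parse "dsregcmd /status" output and
# classify the device's join state. Assumes the "   Key : Value" line format that
# dsregcmd prints on Windows 10/11; banners and blank lines are ignored.

function ConvertFrom-DsRegCmdStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Key may contain spaces ("Executing Account Name"); value is everything after the first colon.
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-DeviceJoinState {
    param([string[]]$StatusLines)
    if (-not $StatusLines) {
        # Live query; dsregcmd.exe ships with Windows 10/11.
        $StatusLines = & dsregcmd.exe /status 2>&1
    }
    $s = ConvertFrom-DsRegCmdStatus -Lines $StatusLines
    $aad    = $s['AzureAdJoined']   -eq 'YES'
    $domain = $s['DomainJoined']    -eq 'YES'
    $wpj    = $s['WorkplaceJoined'] -eq 'YES'
    $type = if ($aad -and $domain)     { 'Hybrid Azure AD joined' }
            elseif ($aad)              { 'Azure AD joined' }
            elseif ($domain -and $wpj) { 'Domain joined + Azure AD registered' }
            elseif ($domain)           { 'Domain joined only' }
            elseif ($wpj)              { 'Azure AD registered' }
            else                       { 'Not joined' }
    [pscustomobject]@{
        JoinType   = $type
        DeviceId   = $s['DeviceId']
        TenantName = $s['TenantName']
        TenantId   = $s['TenantId']
        HasPrt     = ($s['AzureAdPrt'] -eq 'YES')   # PRT present => Azure AD SSO works for this user
    }
}

# Constructed, abbreviated sample of dsregcmd /status output; GUIDs are placeholders.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+

                  DeviceId : 00000000-0000-0000-0000-000000000001
                TenantName : Contoso
                  TenantId : 00000000-0000-0000-0000-000000000002

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
'@ -split "`r?`n"

Get-DeviceJoinState -StatusLines $sample | Format-List
```

Calling `Get-DeviceJoinState` with no arguments runs dsregcmd on the local machine; a device that reports AzureAdJoined YES but AzureAdPrt NO is joined yet the signed-in user has no PRT, which is the usual reason Conditional Access or SSO misbehaves even though the join itself looks fine.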


Microsoft 365: How to check if a device is joined to Azure AD (I)!

Spanish edition of the previous post: a very quick tip that in my case has been very useful both to check whether a device is joined to Azure AD and to unjoin it when something anomalous happens. The commands are the same as shown above, DsRegCmd /status to check the join state and dsregcmd /debug /leave to leave Azure AD, and the screen output of the first command is the one shown in the screenshot above.

[CompartiMOSS]: Issue 48 is available and, as always, packed with more-than-interesting articles!

A new issue of the Spanish-language magazine on Microsoft technologies is now available on our website, and we are already at 48 editions. You can read the articles of the new issue at the following link:

https://www.compartimoss.com/revistas/numero-48/

As always, thanks to the CompartiMOSS authors and readers for making a new issue possible; we will shortly be working on issue 49.