Recently, I have been involved more and more in projects where Office365 is to be fully implemented in Citrix environments. This means that the customer not only needs the standard Office applications Outlook, Excel and Word, but also wants to use teams and OneDrive.
But this is exactly where we, without additional software, have big problems in non-persistent desktop environments. For example with our profiles (Team Installer stores its data in the profile) or so that the data is downloaded from the Internet every time (excluding OneDrive Sync data in the profile).
However, we have recently been in the fortunate position of being able to use FSLogix “free of charge” for this purpose, if we meet the following requirements:
Continue reading “FSLogix Container (Office/Profile) in Citrix Environments”
- Microsoft 365 E3/E5
- Microsoft 365 A3/A5/ Student Use Benefits
- Microsoft 365 F1
- Microsoft 365 Business
- Windows 10 Enterprise E3/E5
- Windows 10 Education A3/A5
- Windows 10 VDA per user
- Remote Desktop Services (RDS) Client Access License (CAL)
- Remote Desktop Services (RDS) Subscriber Access License (SAL)
For quite some time (Beginning of 2017) it is now possible to solve SSO scenarios with Azure even without ADFS infrastructure. However, it is only recently that companies has started to not insist on ADFS. Now one may finally also point out the alternative solutions of Microsoft.
The possible scenarios for Seamless SSO are:
- Pass-through authentication (PTA)
- Password Hash Sync (PHS)
Pass-through authentication (PTA)
- No automatic detection of leaked login data
- Azure AD DS requires enabled Password Hash Synchronization feature in tenant to work
- Is not part of Azure AD Connect Health
Password Hash Sync (PHS)
Continue reading “Activation of Azure AD Seamless Single Sign-On”
- Password is synchronized to the cloud (as hash value)
To complete my previous article, I also directly implemented and tested Microsoft Azure MFA Cloud Service in my test lab. In this post I go straight to the ToDo’s for implementation. For more information on MFA and the differences between Local and Cloud, please read my previous post.
It is important that all my information has the status of March 2019 and since it is the cloud, it will soon be obsolete again.
Continue reading “Microsoft Azure MFA Cloud Service in Citrix ADC Version 12”
As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.https://www.microsoft.com/en-us/download/details.aspx?id=55849
During one of my current projects, I launched a PoC for two-factor authentication based on Microsoft Azure MFA. Azure multi-factor authentication requires users to verify and confirm their signups using a mobile app, phone call, or text message. You can use it with Azure AD or the local AD.
It is important that all my information has the status of March 2019 and because it is the cloud, quite quickly become obsolete again.
The safety of the two-stage check is at level approach. The multiple authentication factors poses a major challenge for attackers. Even if an attacker can find out the user’s password, this is useless unless he or she is also proficient in the additional authentication method. This works by requesting at least two of the following authentication methods:
Continue reading “Microsoft Azure MFA Server in Citrix ADC Version 12”
- Something you know (usually a password)
- Something you have (a familiar device that can not be easily duplicated, like a phone)
- Something that you are (biometrically)
This article is about creating an AD FS Proxy from Citrix ADC (version 12). The AD FS Proxy is used to authenticate e.g. external SaaS applications or websites via AD FS. The following should be achieved by the AD FS Proxy:
- URL / DoS Protection
- Suitable external authentication (MFA, Forms instead of Kerberos)
- Account Lockout Protection
- Availability (Load Balancing)
What is AD FS ?
Active Directory Federation Services (AD FS) is a feature in the Windows Server operating system that allows identity information to be shared outside of the corporate network. Users can access applications (e.g. Office365, Salesforce.com, etc.) without being prompted to provide credentials again. These applications can be hosted locally, in the cloud, or even by other companies. The user accounts can be managed by the administrator in a single location, the Active Directory.
A normal deployment of AD FS for external clients consists of AD FS Proxy and AD FS Server. The AD FS Server is a member of the domain and perform the authentication. The AD FS Proxy is usually located in a separate network zone (DMZ) so that it can be reached externally and forward the requests inwards.
Continue reading “Citrix ADC Version 12 as AD FS Proxy”