Category Archives: Office 365

Print to corporate printers from #AzureAD joined Windows 10 devices

During my trainings, you’ll often hear me saying that it doesn’t make sense anymore to join your company’s portable devices in your on-premises Active Directory. In fact, these devices are usually used outside of the company’s environment, so they never or rarely contact your Domain Controllers.

A common good practice is to join them to Azure AD and control them using MDM and Conditional Access policies. But what happens when a user needs to print to an on-premises printer?

This is now possible using the Hybrid Cloud Print feature. People in your organization can use Azure AD-joined devices to discover on-premises printers, and can print from work, from home, or from anywhere else they can connect to the internet.

Hybrid Cloud Print is built on top of the Windows Print Server role, so it supports traditional domain-joined devices in addition to Azure AD joined devices. Best of all, your existing printer management scripts, tools, reports, and procedures will continue to work as is. And it’s secured by Azure Active Directory, so you and your users still benefit from features like multi-factor authentication, identity protection and single sign-on (SSO).

Once deployed, the print discovery and installation experience will be familiar to your users.


Hybrid Cloud Print consists of two new IIS service endpoints:

  • Printer Discovery service
  • Windows Print service

There are also six new MDM policies to configure and manage Hybrid Cloud Print. These enable the client device to know where the IIS service endpoints are and which Azure tenant information to authorize against.

To get started, take a look at the Hybrid Cloud Print overview and follow the deployment guide.

I also suggest taking a look at this video, an Ignite presentation about this topic:

Thanks for your time!


“What If” tool in Public Preview for #AzureAD Conditional Access Policies

In case you don’t remember what Azure AD Conditional Access is all about, I suggest that you click here to take a look at the previous articles in my blog that deal with this.

Let’s talk about a new feature that was announced to be in Public Preview, the so-called “What If” tool for Conditional Access. This tool lets you understand the impact of a Conditional Access Policy on a user sign-in, under conditions that you specify. Do you remember the on-premises Group Policy Modeling console? Well, it should give you similar results, meaning you can see how the policies will be applied to a user, rather than waiting for the user to tell you (and complain in some cases…).

So let’s see how it works:

Go to the Azure Portal, and select Azure AD Conditional Access, then click on What If:



Select the user you want to test and optionally select app, IP address, device platforms, client app, sign-in risk, and then click on the blue What If button:



And these are the results that you get:



Which policies WILL NOT apply? This is helpful when you want to know the reason why a policy is not applied:



Want to learn more about the What If tool? Click here to go to the related Microsoft Docs article.



#AzureAD administration experience in Azure classic portal to be retired January 8, 2018


Just for your convenience, I’ll copy here the latest Azure AD announcement about the retirement of the old admin portal:


Use the new Azure portal to manage Azure Active Directory

Action required

By January 8, 2018, you should plan to rely fully on the new administration experience for portal-based administration of Azure Active Directory.

The Azure AD experience in the classic Azure portal, and the Azure classic portal itself, will be retired on January 8, 2018. You are receiving this email because you or another user in your organization recently used that experience.


Here are some resources to help you transition to using our new admin experience:

Azure AD admin center

Azure AD documentation

Getting started with the new administration experience

Provide feedback on the Azure AD admin experience

File a support ticket


To give feedback, submit a feature request, or vote on existing feature requests from others, go to the admin portal section of our Feedback Forum.

Thank you,
Azure AD Team

All the news about #AzureAD @Ignite2017

MS Ignite 2017 is over, but if you need to know all the news about Azure Active Directory, you should definitely take a look at this article:

MS Ignite 2017: Shut the door to cybercrime with Azure Active Directory risk-based identity protection

Azure AD Identity Protection and Privileged Identity Management take secure identity and access management to the next level. These new Azure AD features put the power of conditional access and advanced risk analytics, just-in-time administration and security reviews in your hands to stop cyber criminals from gaining entry to your systems by compromising identities. Azure AD Identity Protection is built on Microsoft’s experience protecting consumer identities, and gains tremendous accuracy from the signal from over 13B logins a day. In this session, we demonstrate the detection capabilities, real time prevention using conditional access, the end user experiences, just-in-time administration and SIEM/analytics extensibility.

Video: #AzureAD Pass-through Authentication and Seamless Single Sign-on

Watch Swaroop Krishnamurthy, Senior Program Manager, Microsoft Identity Services, show you a new way you can harness the power of cloud authentication while still keeping your passwords on-premises using Azure Active Directory pass-through authentication and seamless single sign-on capabilities. You’ll see how Azure AD can now securely validate your passwords against on-premises Active Directory, all without the need for expensive on-premises infrastructure, and automatically sign your users in while they’re at work.

#AzureAD: The Top 5 Tips for Information Protection

Information security expert Dan Plastina from the Azure security team shares the top 5 tips for successfully accelerating information protection inside of your organization. Watch too as Dan highlights key technology updates for Azure Information Protection, including ‘scoped policies’ for scaling up and personalizing default information classification labels for specialized teams, and next generation RMS-protected secure email.