There are 3 entries in this Category.

Quickly Assess Azure MFA use in your Organization

Microsoft recently released a very helpful script that allows Administrators looking to roll out Azure MFA to their organization with a easy-to-read output that can aid in assessing status, or even recommendations to enhance their use of the technology.


Below is a sample output


Here are some common “Recommendations” from the script

  • ‘Register for MFA, preferably with the Microsoft Authenticator mobile app and also with a phone number, used for SMS or Voice.’
  • ‘Consider adding an alternative phone number for additional resilience.’
  • ‘Consider setting the Microsoft Authenticator mobile app as the default method.’
  • ‘Register at least another authentication method, preferably the Microsoft Authenticator mobile app or hardware OATH token. A user can have up to five hardware OATH tokens or mobile apps registered.’
  • ‘Consider adding an alternative phone number for additional resilience.’


Download the ZIP file from the Microsoft website.


Run the following Powershell commands to Authenticate to your tenant and run the commands

Import-Module MSONLINE


$TenantID = ($skus.AccountObjectID[0]).GUID

.\MfaAuthMethodAnalysis.ps1 –tenantID $TenantID -Location -CsvOutput –Verbose

You’ll may see the following error:


If this occurs, you will need the MSONLINE module, and may need to update as I had to do by running the following Powershell command:

Update-Module MSONLINE


Once updated, try running the command again and you should see the process fire off and save a file in the directory of the script in the format MfaAuthMethodAnalysis_<date>_<time>.csv


This is WAY easier than using the GUI in Azure Active Directory, and allows you to do some sort again the data for taking action, automation, etc.


Notes From The Field, Volume 1 – The Hybrid AD Device Management Troubleshooting Guide

I always have a rule of thumb “if it takes more than an hour to solve, it deserves sharing”, and that’s always been the story of my blogs over the last decade plus. The biggest struggle is finding the time to sit down, pull all my notes together, and sharing it with the larger IT community. With a holiday weekend and time off, since I’m not WORKING working, I figured why not start a fun series in the Microsoft Modern Workplace space I spend most of my time architecting, deploying & speaking about!

Volume 1 will cover a topic that has been near and dear (and a pain in my rear) to me, and it has to do with the Microsoft Device Management story as it pertains to Hybrid AD devices. Azure AD is the nirvana, mountain top goal that all organizations should be aiming, but as a realist in recognizing that takes time, time, and more time, starting off with Cloud management is a baby step in bringing the rest of an organization.

To meet the prerequisites for the SCCM Co-Management story, Hybrid AD and Intune registered devices for MDM are necessary; see:

In a Hybrid AD scenario this requires line of sight to a domain controller (which also applies to AutoPilot and Hybrid AD, but that’s for another Volume), but what happens with a remote workforce? Let’s dig into the “gotchas” to bring these devices into the fold.

Continue reading “Notes From The Field, Volume 1 – The Hybrid AD Device Management Troubleshooting Guide” »

Office 365 Groups & My Apps Panel: A New Twist to an Old Problem

Recently our team at Concurrency had a meeting with one of the Program Managers at Microsoft for Office 365 Groups and this spurred a conversation internally about how the team is helping customers use Office 365 Groups. After spending hours in my own lab developing training material around the Enterprise Mobility Suite as well as using Office 365 Groups, a new twist to an age-old problem of collaboration and management appeared that has seemingly haunted teams and departments. Using Microsoft’s approach of self service and some new (well, not SO new, maybe 12-18 months old) technology solves this dilemma with the modern tool of Office 365 groups.

So let’s dive into. We have a test customer that currently has Office 365 E3 CALs for their users. They just implemented Office 365, and in an effort to improve productivity they have an Accounting department which their own Office 365 group. Remember for now Office 365 Group are purely “In Cloud” – there will be a conversion process eventually to convert distribution groups to Office 365 groups (see the Roadmap – https://fasttrack.microsoft.com/roadmap).


Office 365 Groups is a tool for addressing collaboration in our modern age – messages via Outlook and Exchange Online, real-time team chat via Skype for Business Online, and document collaboration via SharePoint Online. The best experience right now out there is via OWA in my opinion.


Continue reading “Office 365 Groups & My Apps Panel: A New Twist to an Old Problem” »