With the release of v16 of the Big-IP software, F5 has created a fully guided integration with Azure AD. This allows F5 administrators to publish their published services directly into Azure AD including assignment to the application to users and groups. This post goes over the step by step guide and shows you the field […]
In a previous post I talked about using F5 in front of an Header based application using AAD as the identity provider. While we managed to convert claims into headers, we did not yet integrate the capability of user roles into the equation. Perhaps your application uses “roles” based on headers and users are assigned […]
[this post is my personal view on Azure AD and AD – and does not contain technical instructions – happy to go into discussion on this topic – you know how to find me… ] Last few weeks, out of nostalgia I’ve been installing Windows Server 2000 on a Compaq Proliant with dual Pentium Pro […]
This post is the second in a short series that uses another Azure AD feature, the NPS agent that allows the Network Policy Server (Radius) in Windows Server to act as an MFA provider using Azure AD MFA. – read the first post on: https://blog.azureinfra.com/2020/05/28/f5-azure-ad-radius-mfa-agent-part-1/ The scenario is still a user logging into an F5 […]
I’ve posted a lot already on the integration between F5 APM and Azure AD to achieve SSO, improve the user experience and even link VPN’s to Azure AD. This post is the first in a short series that uses another Azure AD feature, the NPS agent that allows the Network Policy Server (Radius) in Windows […]
In many of my previous posts I talked about B2B users being replicated to your own AD for guest users to be able to login to your backend (Kerberos) applications. This adding of guest users to your AD can be done using my PowerShell script, the MIM guide from Microsoft – although it seems to […]
In earlier posts I talked about my favorite authentication protocol ‘Kerberos’, but obviously there are many more authentication protocols such as HEADER based authentication. While we won’t be sending the password of users straight to the backend webserver we can send additional information. Azure AD App Proxy in combination with Ping Access can already do […]
In earlier posts I talked about using F5 as a reverse proxy to Kerberos based resources using Azure AD authentication. This post takes it a step further. Creating an SSL VPN based on Azure AD identities with Conditional Access (if needed). So, the architecture: As you might have seen, there is no Active directory in […]
When you have your pool up and running, you might want to do some special stuff. For example, you might want to enable Mic + WebCam redirection: Set-RdsHostPool -TenantName <tenantName> -Name <hostpoolName> -CustomRdpProperty “audiocapturemode:i:1;camerastoredirect:s:*;” And there are a lot more options you can enable / disable check: https://docs.microsoft.com/en-gb/windows-server/remote/remote-desktop-services/clients/rdp-files?context=/azure/virtual-desktop/context/context For example, disabling Copy/Paste and Printers, so […]
When you deploy a new Pool, the VM’s in that pool will need access to some URLs and internal IP’s for the deployment to complete. First, the VM’s will be joined to your domain, meaning they will need the standard ports open to the domain controllers and DNS servers. Secondly, an agent is deployed that […]