You are browsing the archive for 2015 March.

Windows 10 Azure Domain Join

4:37 pm in Uncategorized by nsienaert



Hi All,

Next month I’m presenting for Microsoft a TechNet webcast about Windows 10.

You can registere here:

As a kind of teaser for this webcast I wrote this blog talking about Azure Domain Join in Windows 10.

Azure Domain Join is the possibility to “domain join” via the cloud.

You have an out-of-the-box experience when you boot the machine for the first time, this can be interesting in CYOD scenarios more on that in the webcast.

Let’s focus for now on Azure Domain Join in the GUI of a running Windows 10 machine.

I assume you have Azure AD up and running? The only thing you need to pay attention to is that “Device Registration” is enabled into your Azure Directory.


Now on the Windows 10 device go to Settings \ System \ About and click “Connect to Cloud”


Information dialog…  as you can see I do suffer a bit with the screen size as I don’t see my “next” button, it’s a Preview right!


I need to enter my Azure AD credentials, notice as I have Azure AD Premium enabled my Branding shows up. Cool!


I have enabled Azure MFA within Azure AD Premium, so I enter PIN that I receive via SMS.


After that I can see that I’m joined!


Now I can log off and sign in with my AD Credentials. You notice that my logon server is “AzureAD”


Back to Azure AD I can find my registered device back.


Best place to troubleshoot is the Event Viewer where you can find the most relevant logs under “User Device Registration”


So why do we all do this?

Well as you could see my device is now registered into Azure AD so as from now I can set some Conditional Access rules as I do know the device.

If you want more, you know what to do! See you at the webinar!



Azure Application Proxy: Notes from the field

11:54 am in Uncategorized by nsienaert

Hi All,


Microsoft released recently as part of Azure AD Premium the Application Proxy. (AP)

With Windows Server 2012 R2 Microsoft released the Web Application Proxy (WAP) which is the new reverse proxy component that you can use to publish internal resources to the internet. The WAP you will typically place on the DMZ which is most of the time an extra complexity. Because of that Microsoft has released AP into Azure to easy integrate the same service without the need of putting a component on your DMZ.

Be aware that AP only supports http(s) applications today.

I’m not gonna explain how you need to set this up and what the requirements are. This is already explained here:

In this blog I will focus more on troubleshooting.

The problem

The issue I was facing was the following. I publish an internal application into Azure but when I tried to open the Application from “”  I saw an error page like this.


The troubleshooting steps

Connection to Azure Service OK?

As described in the article above some firewall ports needs to be opened to make sure the AP Connector can talk correctly with the Azure Service.

So that’s the first thing to check, can we access the Azure Service correctly? To verify that use the following URLs to see if the required communication ports are open and if you can reach the Azure Service. Open this URL from the browser on the machine where you have installed the AP Connector. (you should be prompted for a certificate) (you should see green check marks)

What is the Event Viewer telling you?

The best logging of Azure Application Proxy you can find the in the eventvwr. As you can see some dedicated folders are created.

I saw the error below, where the AP has problems to download the latest configuration.


So despite of the fact my firewall ports were OK I still had an issue with the communication between the AP Connector and the Azure Service.

The AP Service

If you install the AP Connector two services are installed. Of course you check if these are running correctly.


The ROOT Cause

My customer had a PROXY Configuration that only allowed internet traffic generated by domain accounts. I didn’t notice that by testing the two URLs above because I was a domain user at that time entering the URLs into a browser. So the traffic that the connector is generating between the Azure Service is working via the Network Service Account…

The Solution

Make sure the Connector Ignores proxy Settings! So how do you that?

1) Go the installation path of your AP Connector –> C:\Program Files\Microsoft AAD App Proxy Connector.
2) Edit the follwing file: ApplicationProxyConnectorService.exe.config

3) Add the following (in bold) at the end of the file:

<?xml version=”1.0″ encoding=”utf-8″ ?>
<add key=”TraceFilename” value=”AadAppProxyConnector.log” />
<defaultProxy enabled=”false”>

4) Restart the Microsoft AAD Application Proxy Connector Service

You should see immediately that errors are disappearing in your Event Viewer:


As from now your application should be reachable from “”


Actually nothing new, be careful with Proxy Servers!

Till next time!


MVP Small