• Microsoft Exchange Server,  Network Infrastructure,  Windows Server

    Enable Modern Authentication for Office 365

    I covered managing devices based on policy in https://krypted.com/microsoft-exchange-server/manage-activesync-policies-on-ios-using-powershell-in-exchange-2016/. One of those policies is “modern authentication”, Azure Passthrough Authentication, or OAuth if you will. To enable it, log into Exchange Online via PowerShell and run Set-OrganizationConfig to set -OAuth2ClientProfileEnabled to True: Set-OrganizationConfig -OAuth2ClientProfileEnabled $true If you’re using Skype, do an override: Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed Now check that OAuth was enabled properly: Get-CsOAuthConfiguration And voilà, you’ve caught up to where WordPress was at with OAuth 8 years ago! Next, check the global ADFS authentication rule: Get-AdfsAdditionalAuthenticationRule And you can use Set-AdfsAdditionalAuthenticationRule. Now, you should be able to check the ADFS rules required for a given MFA requirement: Get-AdfsRelyingPartyTrust -Name "Krypted" And…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Configure Profile Manager On Yosemite Server (Yosemite running the Server app)

    Profile Manager first appeared in OS X Lion Server as the Apple-provided tool for managing Apple devices, including Mobile Device Management (MDM) for iOS based devices as well as Profile management for OS X based computers, including MacBooks, MacBook Airs, Mac Minis, Mac Pros and iMacs running Mac OS X 10.7 and up. In OS X Mountain Lion, Apple added a number of new features to Profile Manager and revved the software to Profile Manager 2.0, most notably adding the ability to push certain types of apps to mobile devices. In Mavericks Server (Server 3), Apple provided new options and streamlined a bunch of things, most notably App Store and…

  • iPhone

    Restricting Access To Sites On iOS Devices

    One of the more common requests we get for iOS devices is to restrict which sites on the web a device can access. This can be done in a number of ways. The best, in my experience, has been using a proxy. In Apple Configurator 1.2 there’s an option for a Global HTTP Proxy for Supervised devices. This allows you to have a proxy for HTTP traffic that is persistent across apps. Each Wi-Fi network that you push to devices can also have a proxy associated with it. This is supported by pretty much every MDM solution, with screens similar to the following, which is how…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Pentesting Mac OS X Server With Nessus 5

    One of my favorite tools for penetration testing is Nessus from Tenable Network Security. Nessus 5 is the latest release in the family of vulnerability scanners that is probably amongst the most prolific. Nessus 5 does discovery, configuration auditing and profiling, looks at patch management, and performs vulnerability analysis on a variety of platforms. Nessus can also run on Linux, Windows or Mac OS X and can be used to scan and keep track of vulnerabilities for practically any platform, including Mac OS X. To install Nessus, go to the Nessus site and click on the Download button, around the middle of the page. Agree to the download agreement and…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    LoginWindow: PolicyBanners and Backgrounds

    The Login Window in OS X is the screen you see while you’re typing in a username and password. There are a number of customizations used in some environments to make the system easier for users to use, or to make it more specific to a given user environment. One such is customizing the Login Window’s background, which can be done by replacing this file with one that you would like to use: /System/Library/PrivateFrameworks/LoginUIKit.framework/Versions/A/Frameworks/LoginUICore.framework/Versions/A/Resources/appleLinen.png You can also configure a message to be shown to users. This message, often referred to as an Acceptable Use Policy, can be used as a policy banner that users must accept in order to log…

  • Mac OS X Server

    Mac OS X Server: Pushing Out Policies Using Open Directory

    Now if you’re looking to push policies out from a centralized directory service that is not Active Directory then you will have slightly more work to do.  You will be using the poledit.exe utility rather than gpedit.msc.  The poledit.exe tool is stored on a Windows 2000 Server CD.  If you install the Admin Tools using the driveletter\i386\adminpak.msi installer then you will be able to build a policy file in adm format that can then be distributed.  When you open the Poledit.exe application you will click on File -> New Policy.  From here you will see Default User and Default Computer (much as with its successor gpedit.msc).  Options in poledit.exe for…

  • Mac OS X,  Mac OS X Server

    Mac OS X: Bluetooth

    Ever wonder what the process is that manages Bluetooth on your machine? Well, it’s blued.  Now, I’ve had the occasion where I wanted to outright disable blued, so I’ve actually renamed it or removed it from my system image. But what if you want to set any preferences for Bluetooth? Well, those are stored in the com.apple.Bluetooth.*.plist file. The * here is due to the fact that it’s based on your machine, thus a ByHost Preference. The location is /var/root/Library/Preferences/ByHost. So if you take that preference file and copy it to another machine it won’t actually work. The other machine will create another as it has a different machine address.…

  • Mac OS X

    Mac OS X: Automatically Open Expanded Viewing

    The open and save dialogs can automatically have the expanded view opened by default rather than having you need to open it manually each time you go to open or save a file. To enable this setting, use the following command: defaults write -g NSNavPanelExpandedStateForSaveMode -bool TRUE