Tag Archives: Azure

Azure Virtual Desktop – Apply monthly Microsoft Security Cumulative Updates on the golden image with Azure Compute Galleries

14 Nov

We have numerous articles showcasing how to create the golden master image to deploy within the Host Pool. This blog post will showcase how to perform recurring monthly security patch updates within the golden master image and push that into your Host Pools within Azure Virtual Desktop.

  • Pre-requisites
  • Azure Compute Galleries – Create VM
  • Console to Golden Image (RDP or Azure Bastion)
  • Install the Microsoft Latest Cumulative Update (LCU)
  • Sysprep (Generalize and Shutdown)
  • Capture the Virtual Machine
  • Azure Compute Galleries – New Version
  • Drain and remove old session host vms

Feature Whishlist

If Microsoft is listening – requesting the feature of leveraging the Update Rings from Micorosft Intune can be integrated into applying the quality updates from #Intune on Microsoft Windows 10/11 Multi-session

Pre-requisites

The assumption here is that you already have a golden image and existing versions available. Below is an example from Azure Computer Galleries of a Windows 11 Multi-session and current running version 0.0.2 within my Host Pools. (Note its an already generalized image – See the OS State)

Azure Compute Galleries – Create VM

The first step here is to update the golden image with the monthly Microsoft Cumulative Security update, and we want to create a new virtual machine from the existing version of 0.0.2. (Background version 0.0.2 include the October 2022 Latest Cumulative Updates)

Now you will be presented with a Create VM wizard

Select Next – Disk Settings

Select Next – Networking Settings

Select Next – Management Settings

Select Next – Monitoring Settings

Select Tags

Select Review & Create the Virtual Machine – Golden Image.

#Tip – On the rare occasion that the creation of the virtual machine fails, in one instance, I had forgotten to perform Sysprep on the existing version in Azure Compute Galleries (e.g. 0.0.1). In such scenarios, create a virtual machine from the previous version number you know that works well.

Console to Golden Image (RDP or Azure Bastion)

We now have the newly created golden image from the existing version 0.0.2 within the Azure – Virtual Machines blade listed and status=Running.

Download the RDP file and console into the Virtual machine – Win11MSGI04 (Note, as previously mentioned, this is a bad practice in a production environment as it needs public IP for access. The best approach here is to leverage Azure Bastion and click on the Bastion option, and securely console the VM via browser)

Install the Microsoft Latest Cumulative Update (LCU)

In our scenario, we shall install the November 8, 2022—KB5019980 (OS Build 22621.819) for Windows 11 22H2 Multi-session. Note I am using the Powershell pswindowsupdate module, but you can download and offline install the Windows update (LCU, which also includes SSU)

Get-WUList -MicrosoftUpdate

Install the Update

Get-WindowsUpdate -KBArticleID KB5019980 -Install -AutoReboot | Out-File "c:\Temp\$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force

Post the reboot validate the windowsupdate log output to determine whether the patch was installed successfully. Optionally perform Disk Clean.

Sysprep (Generalize and Shutdown)

We are onto our final step before the capture. Perform Sysprep on the image and shutdown

%WINDIR%\system32\sysprep\sysprep.exe /generalize /shutdown /oobe

#Tip – Make sure the end state of the virtual machine status = Stopped (deallocated) before following the next step of Capture. Sysprep is the most crucial step if you forget this, your provisioning will fail with an error.

Capture the Virtual Machine

We will capture this image into Azure Compute Galleries

Next Capture wizard

#Tip – As we selected “Delete” post creation, the virtual machine will not appear within the Azure – Virtual Machines. Below is the task for the deletion.

Azure Compute Galleries – New Version

We can now see the latest version showing up 0.0.3 post the capture process. This version is now ready to be added to the AVD – Host Pools

Add Session Host Virtual Machine (New security patch version 0.0.3)

After clicking on Add, it will open the “Add virtual machine to a host pool” wizard

Select Next – Virtual Machines

Next enter the tags of your choice and hit Create

Drain and remove old session host vms

Put the old session host virtual machines in the drain and remove the virtual machine. This step will depend on how much time log-off all the end-user sessions will take on the VM.

Next, if all the sessions are drained. Select the old virtual machine and select Remove.

Note – When you hit remove for the session host virtual machine within the Host Pools blade, it will only remove the virtual machine from there. You will have to go into the Azure – Virtual Machines blade and stop and delete the virtual machine from there. The good thing here is that as we had selected delete disk/network (checkbox) during creation, it will delete everything associated with the VM.

#Tip – As a precautionary step, you can delete the virtual machine after 2-3 days after production stabilizes in case you have to revert and manually add the VM’s back into the host pool

A big thanks to Mahammad Kubaib for reviewing this blog post based on his previous experience. I hope you will find this helpful information for performing monthly cumulative security updates on your Azure Virtual Desktop – Host Pools. If you want to see a Powershell version of the same activity, leave me a comment below or on my socials. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Tags: , , , , ,

Alerts (preview) for Windows 365 Cloud PC

6 Oct

In the Sep 2022 Windows 365 announcements, we had the alerts features been dropped for Windows 365. In my opinion, it was a much awaited feature for any enteprise that is trying out Windows 365 Cloud PC. This blog post will look at the alerts and their configurations.

Introduction

Let’s look at where is this feature available within the portal. Go to your Microsoft Endpoint Manager admin center – https://endpoint.microsoft.com and navigate to Tenant AdministrationAlerts (preview) and click on Alert Rules.

Alerts – Windows 365 Cloud PC

Alerts Details

At present, we have 3 alert rules and I am positive more will follow soon as enteprise and customers raise feature request with Microsoft.

Azure network connection failure – Azure network connection checks have failed and are potentially impacting existing Cloud PCs and blocking the provisioning of new Cloud PCs. This alert is typically used when leveraging the Azure VNET to connect the Cloud PC with your on-premise network using (ExpressRoute or Site-2-Site VPN). Knowing if there are issues with the network connectivity is very important as it will block provisioning and other failures.

Azure Network connection failure
Customization of the threshold

Upload failure for custom images – Custom image uploads have failed and can delay the provisioning of new Cloud PCs. This alert is typically used when leveraging the custom Azure gallery image or custom image for your Cloud PC. Knowing if there are issues with the image upload will help to understand why Cloud PC is not being created.

Upload failure for custom images

Provisioning failure impacting Cloud PCs – Provisioning has failed and is delaying end users from connecting to their Cloud PCs

Provisioning failure impacting Cloud PCs

Severity

You can tweak all three alerts based on Critical, Warning and Information. This tweaking will depend on your organizational needs and SLA requirements around each technology aspect available/failed.

Alerts – Triggered/Acknowledgement

Once the above configured alerts are triggered, they get listed under Alerts and the NOC teams monitoring the systems will have to acknowledge the alert and once resolved they need to select Resolved and close the alert.

Triggered – Alerts

I hope you will find this helpful information for setting up alerts for Windows 365 Cloud PC within your environment. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Tags: , , , , , ,

Mindmap – Part 2 – Horizon Cloud on Microsoft Azure (HCoA) – Configuration of Images – Desktops – Farms – Assignments

13 Apr

This post is in continuation of my part 1 – Mindmap – Part 1 – Horizon Cloud on Microsoft Azure (HCoA) – Quick start guide where we look at pre-requisites and the initial deployment of the HCoA solution. In this post, I want to share my learnings about the configuration of Images, Virtual Desktops, Farms and Assignments. We shall take a look into the following topics:

  • Mind map for Horizon Cloud on Microsoft Azure – Part 2 – Configuration of Images – Desktops – Farms – Assignments
    • Creating a Virtual Desktop or RDSH Image
      • Import VM
      • Create Image (Converting VM to Image)
    • Farms (Published Applications)
      • Create Desktop Farm
    • Add Applications to the Farms
      • New Applications – Auto-Scan from Farm
    • Create an Application Assignment
    • Create an Assignment for Multi-session or Hosted Shared Desktop
    • Create a Virtual Desktop Assignment (Persistent – Full Clone)
    • Create a Virtual Desktop Assignment (Non-Persistent – Floating)
    • AppStacks

In the second part of this series, the mindmap acts as an visual representation of all the configurations to be performed post the initial deployment of the Horizon Cloud Pod. It also helps during customer discussions and allows everyone to be on the same page. You can figure out in advance the pre-requisites, deployment details, and requirements for performing the next steps in your HCoA journey.

HCoA – Part 2

Disclaimer – This guide is a deployment/configuration guide, and the production settings, configuration, and use-cases might be different. Please make sure you change the settings appropriate for production workloads. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –

Horizon-Cloud-on-Azure-Part-2-Twitter-@askareshDownload

Screenshots from my deployment

Horizon Cloud POD Managers + Unified Access Gateways

Note everything is deployed keeping in mind High availability.

  • 2 x Horizon Cloud Pod Managers
  • 2 x External Unified Access Gateways (Public IP)
  • 2 x Internal Unified Access Gateways (Internal on-premise network)
Azure – Virtual Machines

Azure Load Balancers

  • 1 x Horizon Cloud Pod Managers
  • 1 x Public UAG Appliances
  • 1 x Internal UAG Appliance
Azure – Load Balancers

Azure Virtual Network

I have created the vNet as part of pre-requisites in Part 1 series

  • 1 x Subnet for DMZ (Unified Access Gateway)
  • 1 x Subnet for Mgmt (Pod Managers)
  • 1 x Subnet for Workload (Desktop/Farms)
Azure – vNet

Azure Resource Groups

Note these are auto-created during the Pod deployment.

Azure – Resource Groups

I hope you will find this helpful information on your HCoA journey. Please let me know if I have missed any steps in the mindmap, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Tags: , , , , , , , ,

Mindmap – Part 2 – Managing Azure Virtual Desktop (AVD)

21 Jan

This blog post is in continuation of my part 1 – Mindmap – Part 1 – Azure Virtual Desktop (AVD) – Quick start guide to virtual desktop/applications | AskAresh where we look at deploying the AVD solution. In this post, I want to share my learnings with you all around the management and #Day2 aspects of AVD. We shall take a look into the following topics:

  • Mind map – Managing Azure Virtual Desktop
    • Scale Out – Add extra Host (VM) to the Host Pools
    • Lifecycle – Update your Master Image – Shared Image Gallery aka Azure compute galleries
    • Drain the old Session Host VM
    • Automatically Power ON the Session host Virtual Machines
    • Monitoring Azure Virtual Desktop

Mindmap for Managing Azure Virtual Desktop (AVD)

I have managed to document all the high-level steps involved in managing the AVD on an ongoing basis. The idea here is that the mindmap acts as an excellent visual representation of what to do during ongoing maintenance activities. You can figure out in advance the requirements/steps and pre-requisites.

Managing Azure Virtual Desktop
Managing Azure Virtual Desktop

Disclaimer – This guide is a get you started guide, and the production management may vary. Please make sure you always reference Microsoft documentation. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –

managing-azure-virtual-desktop-twitter-40askareshDownload

I hope you will find this helpful information on your Managing Azure Virtual Desktop journey. Please let me know if I have missed any steps in the mindmap, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Tags: , , , , , , , , ,

Mindmap – Part 1 – Azure Virtual Desktop (AVD) – Quick start guide to virtual desktop/applications

1 Nov

I have been learning Azure Virtual Desktop (AVD) from the awesome book DaaS – The Complete Guide: A Step-by-Step Guide on deploying Desktop-as-a-Service solutions from Microsoft, Nutanix, Citrix, VMware, Accops. I want to share my learnings with you all, and in this post, we shall take a look into the following topics:

  • Mind map for Azure Virtual Desktop – Getting started
    • Getting started with Azure Virtual Desktop (AVD)
    • Deployment – Pre-requisites for AVD
    • Master Images – (Windows 10 Multi-Session, Windows 10 1909 Enterprise or Windows Server 2019 DC)
    • Template and Shared Image Gallery
    • Host Pools
    • Application Groups
    • Workspaces
    • Windows Desktop Client
  • Quick Start Links

Mindmap for Azure Virtual Desktop (AVD) – Getting started

Managed to put together a mindmap on the AVD getting started from zero to a working desktop or application. The idea here is the mindmap acts as an excellent visual representation of what to do during pre-requisites, deployment and you can figure out in advance the requirements/steps and pre-requisites.

Azure Virtual Desktop

Disclaimer – This guide is a get you started guide, and the production settings and configuration might be different. Please make sure you change the settings appropriate for production workloads. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –

azure-virtual-desktop-twitter-40askaresh-1Download

Change log

  • The Mindmap was last updated on 21st Jan 2022 with lots of changes!

The intention here is to get you quickly started on Azure Virtual Desktop Solution:

DescriptionLinks
Azure Virtual Desktop OverviewWhat is Azure Virtual Desktop? – Azure | Microsoft Docs
Azure Virtual Desktop technical (ARM-based model) deployment walkthrough. (Christiaan Brinkhoff)Azure Virtual Desktop technical (ARM-based model) deployment walkthrough. It covers all you need to know and beyond! | christiaanbrinkhoff.com – Sharing Cloud and Virtualization Knowledge
AVD Zero to Hero (YouTube – I am IT Geek)Series 5: Episode 1 – AVD Zero to Hero Introduction – YouTube (Playlist)
AVD PowerShellAzure Virtual Desktop PowerShell – Azure | Microsoft Docs
AVD PricingAzure Virtual Desktop | Microsoft Azure

I hope you will find this helpful information on your Azure Virtual Desktop journey. Please let me know if I have missed any steps in the mindmap, or reference links, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Tags: , , , , , , ,

Mindmap – Azure VMware Solution – Guidance on Deployment and Networking

12 Oct

I have been trying out the Azure VMware Solution (AVS) on the VMware HOL and going through the techzone documentation. In this post, we shall take a look into these topics:

  • Mindmap – Steps for AVS Deployment and Networking
  • Quick Start Links
  • Optional – Deploy AVS via Azure Resource Manager Templates

Mindmap for AVS Deployment/Networking

Managed to put together a mindmap on the AVS deployment and networking steps of the service. The idea here is the mindmap acts like an excellent visual representation of what to do during deployment and you can figure out in advance the requirements/steps and pre-requisites.

Azure VMware Solution

Here is the PDF version if you would like to download and zoom-in

deploy-azure-vmware-solution-avs-network-connectivity-40askareshDownload

Quick Start Links

The intention here is to get you quickly started on Azure VMware Solution:

DescriptionLinks
AVS TechzoneAzure VMware Solution | VMware
AVS Hands-on LabAzure VMware Solution Hands-on Labs | VMware
AVS PricingPricing – Azure VMware Solution | Microsoft Azure
AVS (Microsoft Doco)Azure VMware Solution documentation – Azure VMware Solution | Microsoft Docs
AVS Logical DiagramAzure VMware Solution Logical Design
Useful Links

Optional – Deploying AVS using Azure Resource Manager

We can also deploy the AVS solution via PowerShell and using the Azure Resource Manager (ARM) template. The advantage here is you have slightly more advanced options that are not available via the GUI. (E.g. You can set the desired password for vCenter and NSX)

{
  "type": "Microsoft.AVS/privateClouds",
  "apiVersion": "2021-06-01",
  "name": "AE-1-AVS-01",
  "location": "Australia East",
  "tags": {
    "Billing": "IT",
    "Department": "IT"
  },
  "sku": {
    "name": "AV36"
  },
  "properties": {
    "circuit": {},
    "identitySources": [
      {
        "alias": "string",
        "baseGroupDN": "string",
        "baseUserDN": "string",
        "domain": "string",
        "name": "string",
        "password": "string",
        "primaryServer": "string",
        "secondaryServer": "string",
        "ssl": "string",
        "username": "string"
      }
    ],
    "internet": "string",
    "managementCluster": {
      "clusterSize": "3"
    },
    "networkBlock": "10.19.0.0/22",
    "nsxtPassword": "yourchoicepassword",
    "vcenterPassword": "yourchoicepassword"
  }
}

I hope you will find this helpful information on your AVS journey. Please let me know if I have missed any steps in the mindmap or reference links and I will be happy to update the post.

Thanks,
Aresh Sarkari

Tags: , , , , , , , ,

SAML Authentication Flow – Azure Active Directory and VMware Workspace ONE Access

28 Sep

Many blogs discuss and show in detail how to integrate the Azure Active Directory (AAD) with VMware Workspace ONE Access (WoA) as a 3rd party IDP, and the following are my top post on that topic:

However, in this blog post, I would like to shed more light on the SAML Authentication Flow between the Azure Active Directory (Identity Provider) and VMware Workspace ONE Access (Service Provider). When designing the WoA and AAD integration, the below flow helped me understand what is happening behind the scenes, and I thought of sharing my knowledge with you all.

  • SAML Authentication Flow
  • AuthnRequest
  • Issuer
  • NameIDPolicy
  • RequestAuthnContext
  • SAML Response that AAD sends to WoA

#ProTip – I use a Chrome/Edge extension called SAML-tracer to inspect the SAML responses back and forth within the browser.

SAML Authentication Flow

The diagram below describes the single sign-on sequence. The VMware Workspace ONE Access (the service provider) uses an HTTP Redirect binding to pass an AuthnRequest (authentication request) element to Azure AD (the 3rd party identity provider in case of WoA). Azure AD then uses an HTTP post binding to post a Response element to the cloud service.

SAML Authentication Flow – AAD and WoA
S. No.Description Flow
1.End-user tries to access the VMware Workspace ONE Access portal
2.VMware Workspace ONE Access finds the identity provider to authenticate the user
3.VMware Workspace ONE Access generates a SAML 2.0 AuthnRequest and redirects the user’s browser to the Azure AD SAML single sign-on URL
4.If the end-user is not signed in, Azure AD authenticates the user using multi-factor authentication & generates a SAML token
5.Azure AD posts the SAML response to the WoA application via the user’s browser
6.VMware Workspace ONE Access verifies the SAML Response
7.VMware Workspace ONE Access completes the end-user sign-in and presents the desktop/app entitlements

Note – I have randomly created the GUID within the XML response just for demonstration purposes.

AuthnRequest

To request a end-user authentication, from WoA portal send an AuthnRequest element to Azure AD.  Following is the SAML SAML 2.0 AuthnRequest from WoA portal:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    AssertionConsumerServiceURL="https://askaresh.com/SAAS/auth/saml/response"
                    Destination="https://login.microsoftonline.com/adsadas-2312asdasd-asdasda-2312asdda/saml2"
                    ForceAuthn="false"
                    ID="_sdasdwqezxdasdasd2313asdas"
                    IssueInstant="2021-08-04T00:24:08.092Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    ProviderName="askaresh.com"
                    Version="2.0"
                    >
 
</samlp:AuthnRequest>

Issuer

The Issuer element in an AuthnRequest must exactly match one of the ServicePrincipalNames in the cloud service in Azure AD. Typically, this is set to the App ID URI that is specified during application registration. (When the Enterprise Application is created under AAD portal)

<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://askaresh.com/SAAS/API/1.0/GET/metadata/sp.xml</saml:Issuer>

NameIDPolicy

This element requests a particular name ID format in the response and is optional in AuthnRequest elements sent to Azure AD. A NameIdPolicy element looks like the following from WoA portal:

<samlp:NameIDPolicy AllowCreate="false"
                        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>

RequestAuthnContext

The RequestedAuthnContext element specifies the desired authentication methods. It is optional in AuthnRequest elements sent to Azure AD. Azure AD supports AuthnContextClassRef values snippet from WoA portal:

<samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>

SAML Response AAD sends to WoA portal (Step 5-6)

The SAML Repsonse that AAD sends back to WoA portal:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                ID="_2132sdasdasdas-asdasd-aeeqwq-adsa"
                Version="2.0"
                IssueInstant="2021-08-04T02:39:06.365Z"
                Destination="https://askaresh.com/SAAS/auth/saml/response"
                InResponseTo="_ad123123213qws12312asa1"
                >
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/se13edsadsadasdasdasd2342342dasdas/</Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
               ID="_324sadasdsa-adsa-asd1312-adsasdas"
               IssueInstant="2021-08-04T02:39:06.365Z"
               Version="2.0"
               >
        <Issuer>https://sts.windows.net/123asdasdas-adsa-asdsad-asdsad-4523213432asd/</Issuer>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
                <Reference URI="#_54fb024a-f2f0-4495-99c7-f47e3fd37701">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                    <DigestValue>3213asdasdase3432sdsadasd2342432423675=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>SIGNATUREDATA==</SignatureValue>
            <KeyInfo>
                <X509Data>
                    <X509Certificate>CERTDATA==</X509Certificate>
                </X509Data>
            </KeyInfo>
        </Signature>
        <Subject>
            <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">aresh@askaresh.com</NameID>
            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <SubjectConfirmationData InResponseTo="_aasdwqewqsadsadasdsa-asdasd-asdasd"
                                         NotOnOrAfter="2021-08-04T03:39:04.318Z"
                                         Recipient="https://askaresh.com/SAAS/auth/saml/response"
                                         />
            </SubjectConfirmation>
        </Subject>
        <Conditions NotBefore="2021-08-04T02:34:04.318Z"
                    NotOnOrAfter="2021-08-04T03:39:04.318Z"
                    >
            <AudienceRestriction>
                <Audience>https://askaresh.com/SAAS/API/1.0/GET/metadata/sp.xml</Audience>
            </AudienceRestriction>
        </Conditions>
        <AttributeStatement>
            <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
                <AttributeValue>adsad1-adsasdsa-adasdasd-adasdsa-12321321</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
                <AttributeValue>123dsfssdfw12312asdasdadasdxsas21s</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
                <AttributeValue>https://sts.windows.net/131sdfsdfsdfsdcs13123123dsfsdfsdfxcr21e23rwadsadsa/</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
                <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
            </Attribute>
            <Attribute Name="email">
                <AttributeValue>aresh@askaresh.com</AttributeValue>
            </Attribute>
            <Attribute Name="ExternalID">
                <AttributeValue>8711aaae-b7b3-4202-8faf-f2408ffd7cf9</AttributeValue>
            </Attribute>
            <Attribute Name="userName">
                <AttributeValue>aresh@askaresh.com</AttributeValue>
            </Attribute>
            <Attribute Name="userPrincipalName">
                <AttributeValue>aresh@askaresh.com</AttributeValue>
            </Attribute>
        </AttributeStatement>
        <AuthnStatement AuthnInstant="2021-08-04T02:38:59.239Z"
                        SessionIndex="_123123-adsasdsa-ad213123dsaasdsa"
                        >
            <AuthnContext>
                <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
            </AuthnContext>
        </AuthnStatement>
    </Assertion>
</samlp:Response>

Reference Link

The above flow I learnt from an excellent Microsoft page – Azure Single Sign On SAML Protocol – Microsoft identity platform | Microsoft Docs. Without this article, it wouldn’t have been possible to understand this under the hood.

I hope you will find the above information helpful in your journey with AAD/WoA. A small request if you see any scope of improvisation or refinements. I hope you can share it back with me?

Thanks,
Aresh Sarkari

Tags: , , , , , ,

Newer Entries →