Windows Server 2012 R2 – Workplace Join from Mobile Devices

It’s only been a year since Windows Server 2012 was released, but we already have a new version of the operating system incoming in the form of Windows Server 2012 R2.

While R2 releases usually don’t change things dramatically, there are still some new features and general polish to make it worthwhile. If you’ve got a few hundred hours to spare, I can recommend streaming through both the Build and TechEd sessions over on Channel9 to learn more 🙂

As per the usual marketing speak, there’s no end to what the new release can do to empower businesses, enable visions, etc.

That’s all nice and dandy, but how about seeing if there’s something we can use?

Clearly there’s no need for me to cover everything, but I thought I’d look into the Workplace Join feature today, since it is very much a feature intended for the mobile crowd. It currently supports iOS in addition to Windows 8.1. Windows 7 has been confirmed as a candidate for support after RTM. Android has an unknown status.

I spun up a couple of servers and configured them according to this guide:
Workplace Join – Setting up the lab environment:

Two-factor Authentication on Mobile Devices

I have a number of things I find interesting when it comes to computers and gadgets, and a recurring theme for me is decent security combined with good user experiences. (That does sound grandiose doesn’t it?)

Lately I’ve been researching this more than usual, partly due to building some services in Windows Azure where I want to provide secure and authenticated access. (And I don’t consider myself competent to build a fully hardened solution from scratch just because I know what hashing and salting of passwords means.) While looking into this I came across a nifty product series called YubiKey from, and wanted to share some thoughts on these. If you’ve visited my blog before you might have noticed I’ve already covered client certificates a few times, which of course also meet the definition of two-factor, but this time around we’re looking at hardware for providing the additional factor.

/CertSrv vs Mobile Devices

I mentioned in my last blog post about Android Ice Cream Sandwich that it is now possible (actually since Android 3.x Honeycomb) to enroll certificates directly from the /CertSrv web site onto your mobile device. (If you’re running a Microsoft CA, of course.)

This is all nice and dandy, but it’s not like Android devices are the only devices you’re likely to be supporting. With the tablet varieties the split is something like 90/10 iPad vs “the rest”. However, if you’ve ever tried loading up /CertSrv on your iOS device or your Windows Phone, you’ll have noticed that it’s not working.

I find this slightly annoying, and decided to look into this further. Those pesky ActiveX controls can’t be the only reason, right? 🙂

There are really two things to sort out here: is it something with the web pages themselves and the server, or something on the browser side? Turns out there’s a bit of both involved, actually.

