Using Azure AD Directory Extensions with Calendar Publishing

I ran through a setup three weeks ago where I used the “Directory Extensions” preview feature in Azure Active Directory to show how I could store an extra id on the user object and use this attribute in a different web app:
http://mobilitydojo.net/2014/04/08/extending-your-azure-active-directory-part-1/

Not feeling entirely done with creating samples I’ll be building another web app showing another scenario where directory extensions might be a useful approach. We’ll extract some data from Office 365 (Exchange Online more specifically), and insert into Azure AD and re-use it.

Exchange Online has this neat feature where you can publish your calendar externally so anyone can check it without being a member of your Active Directory. Actually, it’s not just Office 365 users who get this – Exchange 2013 on-prem can do so as well, but this sample will only explore the clouded version. (You can probably tweak it to work with a local Exchange Server if you like; the differences are probably fairly minor.) I’m not saying there aren’t drawbacks to using this feature, you certainly should not expose all details in your calendar to the general public, but it can be useful in a couple of scenarios and you don’t have to share all the details either.

Read more

Mobile Devices and IPv6. How Goes? – Windows Phone 8.1

Way back in September 2012 I built a lab for supporting IPv6, and running basic connectivity tests for mobile devices:
http://mobilitydojo.net/2012/09/18/mobile-devices-and-ipv6-how-goes-part-i/

The conclusion back then was that iOS supported IPv6, Android was very dependent on the build you had on your device, and Windows Phone didn’t support IPv6. Well, it sort of supported it, but in a half-baked way. I was able to have a Windows Phone 8.0 device acquire an IPv6 address through DHCPv6, but never got it working for any practical purposes since it didn’t support SLAAC. Short recap, (read the original blog post for all the details), SLAAC was required back then in a Windows environment to actually get online. I don’t know if this is different with Windows 8.1/2012 R2.

Read more

Windows Phone 8.1 – Kiosk Mode

We’re not entirely done covering new enterprise features in Windows Phone 8.1. Let’s dive into what I would usually call "Kiosk Mode". (At least it’s meant as an enterprise feature, but if you’re the controlling type I suppose you could turn it into a "kids mode on steroids".)

Smartphones are nice devices for enabling the user to do a whole bunch of things, but there are plenty of scenarios where you don’t want the end-user doing all sorts of stuff on their devices. If you control a fleet of delivery drivers who carry a smartphone for keeping track of their routes & pickups, and having the customer sign for the delivery, you don’t want the driver playing Angry Birds on the device on their break. Quite often I hear enterprise customers asking "how do we lock down these devices so the user can’t mess it up"?

We can lock it down by placing it in what we call a "kiosk mode". A kiosk mode alters the interface so the end-user can only access very specific parts of the operating system. Most of us face these kinds of interfaces almost every day; paying for bus tickets on an unmanned machine, withdrawing money from ATMs, etc. And I think I’m not the only one to be happy that I face a simplified UI focused on the specific thing I’m trying to achieve.

iOS has what they refer to as "Guided Access" to put one app in focus, and while Android has no Google-provided feature (that I’m aware of) you can lock down Samsung devices by using their enterprise APIs.

Windows Mobile (old school pre-Metro) also had the ability to lock down the UI fairly good back in the day. Technically kiosk mode wasn’t officially supported or sanctioned, but is was possible to implement nonetheless through different tweaks.

Windows Phone however hasn’t had any ability to do this until now. With the 8.1 version bump Microsoft adds a kiosk mode, but prefers to call it "Assigned Access". The naming is in line with 8.1 non-phone, however how it works is not fully synchronized between the two operating systems. This post will focus only on the Windows Phone implementation.

The Assigned Access features consists of more than just slapping one app in front and saying that’s all you can use. You could say that you create a set of apps and settings to compile a complete kiosk experience.

The kiosk mode can to the best of my knowledge only be configured through MDM.

Read more