Windows DNS Server Remote Code Execution Vulnerability (SIGred, Wormable, Critical, CVE-2020-1350)

Yesterday, Microsoft released updates for all supported versions of Windows and Windows Server to address a remote code execution vulnerability in DNS Server, marked as critical. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-1350.
About the vulnerability
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they …

I’m hosting a webinar with Netwrix on Three approaches for migrating to the cloud

On July 30th, 2020, I’ll present a 1-hour webinar with Netwrix. Together with Russell McDermott I’ll discuss the three approaches to cloud migration.
Three Approaches to Cloud Migration
Thursday July 30th, 2020, 2PM BST / 3PM CEST
This is a topic that is near to my heart, as I see many organizations struggle with …

Identity-related Sessions at Microsoft Inspire 2020

Microsoft Inspire is Microsoft’s annual event where it kicks off its fiscal year with its partner community. Inspire is Microsoft’s way to explain what’s coming in the year ahead and work together to find shared solutions for customers. As all of Microsoft’s events will have a focus on online events until July 2021, Microsoft Inspire …

Azure AD Connect v1.5.42.0 introduces Exporting and Importing Configurations

Last Friday, a new version of Azure AD Connect was released: version 1.5.42.0. This version offers Import/Export functionality and a couple of fixes. After every fresh major release of Azure AD Connect by Microsoft, several smaller hotfix releases update the functionality to prevent issues where administrators are not able to perform certain configurations or gain …

HOWTO: Disable Office for the Web for your Microsoft 365 users

Office for the Web (previously known as Office Web Apps) is one of the nicest features in Microsoft 365. It allows people to view and interact with documents in their web browser, without the need to install or use any of the native Microsoft 365 apps. Alas, there are some privacy concerns, and some organizations …

KnowledgeBase: If one of the address families on a dual stack Domain Controller is not enabled, adding VMware ESXi hosts to the domain might randomly fail

There is an issue in VMware ESXi 7.0, where adding ESXi hosts to Active Directory Domain Services fails randomly in networks with both IPv4 and IPv6 enabled.
The situation
In many environments, VMware vCenter environments or VMware ESXi hosts are added to Active Directory Domain Services to allow for single sign-on with domain accounts …

KnowledgeBase: Users receive an error when registering MFA when Security Defaults are enabled and the mobile app verification options are disabled

Organizations are still using settings in the old PhoneFactor Multi-factor Authentication portal. However, with the new Security Defaults functionality, they may hurt themselves by locking out users, after the 14-day grace period for registering multi-factor authentication expires.
About the PhoneFactor verification options
The old PhoneFactor Multi-factor Authentication portal experience is a remnant of Microsoft …

TODO: Move from MFA Trusted IPs to Conditional Access Named Locations

Trying to get rid of the PhoneFactor remnants in my Azure AD tenant, I’ve already shown how to move from per-user MFA to Conditional Access and to move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access. Today let’s tackle a third configuration item: PhoneFactor’s Trusted IPs. The …

What’s New in Azure Active Directory in June 2020

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory and on its blog, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for June 2020:
What’s Planned
User risk …

Keeping virtual Domain Controllers apart on trusted VMware vSphere hosts

Virtualizing Domain Controllers introduces risks that are not present when running non-virtualized Domain Controllers. Two of these problems – running Domain Controllers on hosts with the wrong time and running all Domain Controllers on the same host – can be addressed with one VMware vSphere feature: VM/Host Rules.
Additional challenges when running virtualized Domain Controllers
We’ve …