HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In the previous post of this series, we discussed encrypting traffic between AD FS Servers, servers running Azure …
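The post covers enabling Extended Protection for Authentication (EPA) on the SQL Server instances behind AD FS and Azure AD Connect. As an added example that is not part of the original post, the script below audits the EPA level of every SQL Server instance on the local host and raises it to Required. It assumes the setting lives in the registry as the DWORD ExtendedProtection under each instance's MSSQLServer\SuperSocketNetLib key (0 = Off, 1 = Allowed, 2 = Required), and that the instance service must be restarted for a change to take effect; the function names are my own.

```powershell
# Added example (not from the original post): audit and enforce the
# Extended Protection for Authentication (EPA) setting of every SQL Server
# instance installed on the local machine.
#
# Assumptions: SQL Server stores the setting under
#   HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\<InstanceId>\MSSQLServer\SuperSocketNetLib
# as the DWORD 'ExtendedProtection' (0 = Off, 1 = Allowed, 2 = Required),
# and the instance must be restarted for a change to take effect.
# Run in an elevated PowerShell session on the SQL Server host.

$Levels = @{ 0 = 'Off'; 1 = 'Allowed'; 2 = 'Required' }
$Root   = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

function Get-SqlExtendedProtection {
    # Returns one object per instance (keys named like MSSQL15.MSSQLSERVER) with its EPA level.
    Get-ChildItem -Path $Root -ErrorAction Stop |
        Where-Object { $_.PSChildName -like 'MSSQL*.*' } |
        ForEach-Object {
            $key = Join-Path $_.PSPath 'MSSQLServer\SuperSocketNetLib'
            if (Test-Path $key) {
                $value = (Get-ItemProperty -Path $key -Name ExtendedProtection -ErrorAction SilentlyContinue).ExtendedProtection
                if ($null -eq $value) { $value = 0 }   # a missing value behaves as Off
                [pscustomobject]@{
                    InstanceId         = $_.PSChildName
                    ExtendedProtection = $Levels[[int]$value]
                    RegistryKey        = $key
                }
            }
        }
}

function Set-SqlExtendedProtection {
    param(
        [Parameter(Mandatory)][string]$InstanceId,
        [ValidateSet('Off', 'Allowed', 'Required')][string]$Level = 'Required'
    )
    $key  = Join-Path $Root "$InstanceId\MSSQLServer\SuperSocketNetLib"
    $code = ($Levels.GetEnumerator() | Where-Object Value -eq $Level).Key
    Set-ItemProperty -Path $key -Name ExtendedProtection -Value $code -Type DWord
    # Service name: MSSQLSERVER for the default instance, MSSQL$<name> for named instances.
    $svc = if ($InstanceId -match '\.MSSQLSERVER$') { 'MSSQLSERVER' } else { 'MSSQL$' + ($InstanceId -split '\.')[-1] }
    Write-Host "Set $InstanceId to $Level; restart service '$svc' to apply."
}

# Report the current state first ...
Get-SqlExtendedProtection | Format-Table -AutoSize

# ... then enforce Required on anything still at Off or Allowed. Only
# 'Required' rejects Windows-authenticated connections that lack channel binding.
Get-SqlExtendedProtection | Where-Object ExtendedProtection -ne 'Required' |
    ForEach-Object { Set-SqlExtendedProtection -InstanceId $_.InstanceId -Level Required }
```

Move to Required in two steps: set Allowed first, restart the instance, and confirm that the AD FS service and the Azure AD Connect synchronization service still connect; then set Required. EPA only affects Windows-authenticated (Kerberos/NTLM) logons, so SQL logins are unaffected by this setting.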

What’s New in Identity from Microsoft Inspire 2020

Microsoft Inspire is Microsoft’s annual event where it kicks off its fiscal year with its partner community. Inspire is Microsoft’s way to explain what’s coming in the year ahead and work together to find shared solutions for customers. This year’s Inspire event brought us the following Identity-related news: New Surface Hub OS featuring Azure …

Achieving Active Directory-as-a-Service with VMware vRealize Orchestrator

VMware’s vRealize Orchestrator is a product used by many virtualization admins to automate common tasks. Today, we’re looking at using vRealize Orchestrator to enable automation of common Active Directory tasks, so Active Directory admins may benefit from this solution using the publicly available blueprints for Active Directory. About vRealize Orchestrator vRealize Orchestrator helps simplify …

HOWTO: Set an alert to notify when an additional person is assigned the Azure AD Global Administrator role

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. User objects with the Global administrator role are the highest privileged objects in Azure AD and should be monitored. The challenge with Global Admins Some organizations have opted for a Technical State …
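The detection logic behind such an alert, as an added example that is not part of the original post: it runs over Azure AD audit log records and flags any successful Global Administrator assignment to a user who is not on a known baseline. It assumes the records have the shape of Microsoft Graph directoryAudit objects, where a role assignment has activityDisplayName 'Add member to role' and the assigned role appears in targetResources[].modifiedProperties as 'Role.DisplayName' / 'Role.TemplateId' with a JSON-encoded newValue, and that the Global Administrator role template id is the well-known 62e90394-69f5-4237-9190-012177145e10. The two records are constructed sample data, not real tenant activity, and the function name is my own.

```powershell
# Added example (not from the original post): detect Global Administrator
# role assignments in Azure AD audit records and raise an alert for anyone
# not on the expected list.
#
# Assumptions: records look like Microsoft Graph directoryAudit objects
# (GET https://graph.microsoft.com/v1.0/auditLogs/directoryAudits); the role
# is reported in modifiedProperties 'Role.DisplayName' / 'Role.TemplateId'
# as a JSON-encoded string; the Global Administrator template id is the
# well-known 62e90394-69f5-4237-9190-012177145e10.
# The sample records below are constructed, not real tenant data.

$GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'

$SampleAudits = @'
[
  {
    "activityDateTime": "2020-07-20T08:15:02Z",
    "activityDisplayName": "Add member to role",
    "category": "RoleManagement",
    "result": "success",
    "initiatedBy": { "user": { "userPrincipalName": "alice@example.com" } },
    "targetResources": [ {
      "type": "User", "userPrincipalName": "bob@example.com",
      "modifiedProperties": [
        { "displayName": "Role.DisplayName", "newValue": "\"Global Administrator\"" },
        { "displayName": "Role.TemplateId",  "newValue": "\"62e90394-69f5-4237-9190-012177145e10\"" }
      ] } ]
  },
  {
    "activityDateTime": "2020-07-20T08:16:40Z",
    "activityDisplayName": "Add member to role",
    "category": "RoleManagement",
    "result": "success",
    "initiatedBy": { "user": { "userPrincipalName": "alice@example.com" } },
    "targetResources": [ {
      "type": "User", "userPrincipalName": "carol@example.com",
      "modifiedProperties": [
        { "displayName": "Role.DisplayName", "newValue": "\"Helpdesk Administrator\"" },
        { "displayName": "Role.TemplateId",  "newValue": "\"00000000-0000-0000-0000-000000000001\"" }
      ] } ]
  }
]
'@ | ConvertFrom-Json

function Find-UnexpectedGlobalAdminAssignment {
    param(
        [Parameter(Mandatory)][object[]]$Audits,
        # Baseline of accounts that are allowed to hold Global Administrator.
        [string[]]$ExpectedAdmins = @()
    )
    foreach ($a in $Audits) {
        if ($a.activityDisplayName -ne 'Add member to role' -or $a.result -ne 'success') { continue }
        foreach ($target in $a.targetResources) {
            $props = @{}
            foreach ($p in $target.modifiedProperties) {
                # newValue is a JSON string literal, e.g. "\"Global Administrator\""; strip the quotes.
                if ($p.newValue) { $props[$p.displayName] = $p.newValue.Trim('"') }
            }
            $isGlobalAdmin = $props['Role.TemplateId'] -eq $GlobalAdminTemplateId -or
                             $props['Role.DisplayName'] -eq 'Global Administrator'
            if ($isGlobalAdmin -and $ExpectedAdmins -notcontains $target.userPrincipalName) {
                [pscustomobject]@{
                    When       = $a.activityDateTime
                    AssignedBy = $a.initiatedBy.user.userPrincipalName
                    NewAdmin   = $target.userPrincipalName
                    Role       = $props['Role.DisplayName']
                }
            }
        }
    }
}

# Only bob@example.com is reported: carol's Helpdesk Administrator assignment is ignored.
$hits = Find-UnexpectedGlobalAdminAssignment -Audits $SampleAudits -ExpectedAdmins @('alice@example.com')
foreach ($h in $hits) {
    # Replace Write-Warning with your own notification (mail, webhook, ticket).
    Write-Warning ('GLOBAL ADMIN ASSIGNED: {0} added {1} as {2} at {3}' -f $h.AssignedBy, $h.NewAdmin, $h.Role, $h.When)
}
```

In production, feed the function from auditLogs/directoryAudits (the app needs AuditLog.Read.All) filtered on activityDisplayName eq 'Add member to role', and keep the baseline list under change control so the alert fires on the additional person, not on every routine re-run.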

TODO: Move from the Azure AD Graph API to the Microsoft Graph API

Last month, Microsoft announced the deprecation of the Azure Active Directory Graph API (graph.windows.net). Going forward, the Microsoft Graph API (graph.microsoft.com) is the supported way to gain access to Azure Active Directory programmatically. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications and tools communicating …
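Before migrating, you need to know which applications still depend on the old API. As an added example that is not part of the original post, the script below finds app registrations that request Azure AD Graph permissions and rewrites the common URL shape to its Microsoft Graph equivalent. It assumes the well-known resource app ids (Azure AD Graph = 00000002-0000-0000-c000-000000000000, Microsoft Graph = 00000003-0000-0000-c000-000000000000) and the shape of the application objects returned by GET https://graph.microsoft.com/v1.0/applications; the two sample applications are constructed, and the function names are my own.

```powershell
# Added example (not from the original post): find application registrations
# that still request Azure AD Graph permissions, and rewrite Azure AD Graph
# URLs to their Microsoft Graph form as a starting point for code changes.
#
# Assumed well-known resource app ids:
#   Azure AD Graph   = 00000002-0000-0000-c000-000000000000
#   Microsoft Graph  = 00000003-0000-0000-c000-000000000000
# The sample applications are constructed, not real registrations.

$AadGraphAppId = '00000002-0000-0000-c000-000000000000'
$MsGraphAppId  = '00000003-0000-0000-c000-000000000000'

$SampleApps = @'
[
  { "displayName": "HR sync tool", "appId": "11111111-1111-1111-1111-111111111111",
    "requiredResourceAccess": [
      { "resourceAppId": "00000002-0000-0000-c000-000000000000",
        "resourceAccess": [ { "id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Role" },
                            { "id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Scope" } ] } ] },
  { "displayName": "Expense portal", "appId": "22222222-2222-2222-2222-222222222222",
    "requiredResourceAccess": [
      { "resourceAppId": "00000003-0000-0000-c000-000000000000",
        "resourceAccess": [ { "id": "bbbbbbbb-0000-0000-0000-000000000001", "type": "Scope" } ] } ] }
]
'@ | ConvertFrom-Json

function Find-AadGraphDependency {
    # Returns one object per application that requests any Azure AD Graph permission.
    param([Parameter(Mandatory)][object[]]$Applications)
    foreach ($app in $Applications) {
        $aad = @($app.requiredResourceAccess | Where-Object resourceAppId -eq $AadGraphAppId)
        if ($aad.Count -gt 0) {
            [pscustomobject]@{
                DisplayName             = $app.displayName
                AppId                   = $app.appId
                AadGraphPermissionCount = ($aad.resourceAccess | Measure-Object).Count
                AlsoUsesMsGraph         = [bool]($app.requiredResourceAccess | Where-Object resourceAppId -eq $MsGraphAppId)
            }
        }
    }
}

function ConvertTo-MsGraphUrl {
    # Azure AD Graph puts the tenant in the path and the version in the query string:
    #   https://graph.windows.net/<tenant>/users?api-version=1.6
    # Microsoft Graph puts the version in the path and takes the tenant from the token:
    #   https://graph.microsoft.com/v1.0/users
    param([Parameter(Mandatory)][string]$AadGraphUrl)
    $uri = [uri]$AadGraphUrl
    if ($uri.Host -ne 'graph.windows.net') { throw "Not an Azure AD Graph URL: $AadGraphUrl" }
    $segments = $uri.AbsolutePath.Trim('/') -split '/', 2        # [0] = tenant, [1] = resource path
    $rest     = if ($segments.Count -gt 1) { $segments[1] } else { '' }
    $keep     = @($uri.Query.TrimStart('?') -split '&' | Where-Object { $_ -and $_ -notmatch '^api-version=' })
    $newUrl   = "https://graph.microsoft.com/v1.0/$rest"
    if ($keep.Count -gt 0) { $newUrl += '?' + ($keep -join '&') }
    return $newUrl
}

# Only "HR sync tool" is reported, with 2 Azure AD Graph permissions and no Microsoft Graph usage yet.
Find-AadGraphDependency -Applications $SampleApps | Format-Table -AutoSize

# https://graph.windows.net/contoso.onmicrosoft.com/users?api-version=1.6&$top=5
#   becomes https://graph.microsoft.com/v1.0/users?$top=5
ConvertTo-MsGraphUrl -AadGraphUrl 'https://graph.windows.net/contoso.onmicrosoft.com/users?api-version=1.6&$top=5'
```

The URL rewrite only handles the endpoint shape; entity and property names differ between the two APIs in places, and the permission ids under resourceAccess are specific to each resource, so each flagged application still needs its Microsoft Graph permissions granted and consented separately.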

HOWTO: Perform an Azure AD Connect Swing Migration

Azure AD Connect is a crucial component in today’s Hybrid Identity strategies. This tool takes care of the synchronization of objects and their attributes from an on-premises Active Directory environment to Azure AD. In some scenarios, it also takes care of authentication when accessing Azure AD-integrated applications. As with any system in a networking infrastructure, …

How To: Exchange Authentication Policies

There are several ways to protect and limit access to Exchange Online: Conditional Access, Client Access Rules, the older ActiveSync Device rules and, the topic of this post, Authentication Policies. These policies are available in Exchange Online and in Exchange Server 2019 since CU2. This article will show you how to implement this. Why …
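As an added example that is not part of the original post, the session below creates an authentication policy that blocks Basic authentication for every protocol, makes it the organization default, and carves out one exception for a device account that still needs SMTP AUTH. It uses the New-AuthenticationPolicy, Set-OrganizationConfig, Set-User and Get-AuthenticationPolicy cmdlets from Exchange Online PowerShell (connect with Connect-ExchangeOnline first); the policy names and the scanner@example.com account are assumed.

```powershell
# Added example (not from the original post): block Basic authentication with
# an Exchange authentication policy and manage the one exception that is
# still needed. Run in an Exchange Online PowerShell session.
# Policy names and the scanner account are assumed examples.

# 1. A policy created without any -AllowBasicAuth* switch blocks Basic
#    authentication for all protocols (ActiveSync, IMAP, POP, SMTP, MAPI, ...).
New-AuthenticationPolicy -Name 'Block Basic Auth'

# 2. A narrower policy for a scan-to-mail device that can only do SMTP AUTH.
#    Every other protocol stays blocked for accounts under this policy.
New-AuthenticationPolicy -Name 'Allow Basic Auth SMTP only' -AllowBasicAuthSmtp

# 3. Apply: the blocking policy becomes the default for everyone who has no
#    explicit policy, and the exception is assigned per user.
Set-OrganizationConfig -DefaultAuthenticationPolicy 'Block Basic Auth'
Set-User -Identity 'scanner@example.com' -AuthenticationPolicy 'Allow Basic Auth SMTP only'

# 4. Policy changes are picked up at the next token refresh; force it for an
#    account whose access you just tightened by invalidating its refresh tokens.
Set-User -Identity 'scanner@example.com' -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

# 5. Verify: the default policy, every user with an explicit policy, and what
#    each policy allows.
(Get-OrganizationConfig).DefaultAuthenticationPolicy
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName, AuthenticationPolicy
Get-AuthenticationPolicy | Format-List Name, AllowBasicAuth*
```

Roll this out by assigning the blocking policy to a pilot group with Set-User first and reviewing sign-in logs for Basic authentication failures before switching the organization default; the per-protocol switches let you re-enable exactly one legacy protocol for an exception instead of exempting the account entirely.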

Three ways to use Site Recovery Manager with virtualized Domain Controllers

One of the benefits of virtualizing machines is the built-in resiliency of the underlying virtualization platform. In many vSphere environments consisting of multiple datacenters, this resiliency is expanded with Site Recovery Manager. There are, however, some things you’ll want to know about using Site Recovery Manager in combination with virtualized Domain Controllers. As usual, not …

Windows DNS Server Remote Code Execution Vulnerability (SIGred, Wormable, Critical, CVE-2020-1350)

Yesterday, Microsoft released updates for all supported versions of Windows and Windows Server to address a remote code execution vulnerability in DNS Server, marked as critical. Its CVE identifier is CVE-2020-1350. About the vulnerability A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they …

I’m hosting a webinar with Netwrix on Three approaches for migrating to the cloud

On July 30th, 2020, I’ll present a 1-hour webinar with Netwrix. Together with Russell McDermott I’ll discuss the three approaches to cloud migration.

Three Approaches to Cloud Migration
Thursday July 30th, 2020, 2PM BST / 3PM CEST

This is a topic that is near to my heart, as I see many organizations struggle with …