KnowledgeBase: You can’t use the AzureADKerberos PowerShell Module on Azure AD Connect installations in a custom installation location

During the installation of Azure AD Connect, you can select the option to use an alternative location. In this case, the Microsoft Azure AD Sync folder is stored in the alternative location, but the Microsoft Azure AD Connect folder isn’t. The situation: When you work with Hybrid Cloud Trust, you need the AzureAdKerberos PowerShell module. …

An Elevation of Privilege vulnerability in Active Directory affects Certification Authorities (Critical, CVE-2022-34691)

This week, on its Patch Tuesday for August 2022, Microsoft released a patch that addresses a critical vulnerability (CVE-2022-34691) in Active Directory Domain Services (AD DS). About the vulnerability: An Elevation of Privilege (EoP) vulnerability exists in Active Directory Domain Services (AD DS). The vulnerability can be exploited over the network with low complexity …

TODO: Periodically reset the password for the KRBTGT_AzureAD account when using Hybrid Cloud Trust

Microsoft offers Hybrid Cloud Trust as a way to offer people with synchronized Work or School accounts on Azure AD-joined devices seamless single sign-on access to Active Directory-integrated resources. When they sign in with Windows Hello for Business (WHfB), the Active Directory-integrated functionality doesn’t prompt for username and password. How Hybrid Cloud Trust works: Under …

What's New in Azure Active Directory for July 2022

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for July 2022: What’s New: Here’s what’s new: No more waiting, provision …

Azure AD Connect v2.1.16.0 ensures Automatic Upgrades are possible

Ever since Microsoft announced the deprecation of Azure AD Connect version 1.x, many organizations have migrated to Azure AD Connect v2.x. However, one of the big features that have been missing from version 2.x is the ability to automatically upgrade to newer versions. Azure AD Connect v2.1.15.0 was the first v2.x to be announced with …

What's New in Microsoft Defender for Identity in July 2022

Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures. It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches …

On-premises Identity-related updates and fixes for July 2022

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates. This is the list of Identity-related updates and fixes we saw for July 2022: Windows Server 2016: We observed the following update for Windows Server 2016: …

Requirements to use Passwordless Phone Sign-in for multiple Work or School accounts

This week, Microsoft announced the availability of Passwordless Phone Sign-in for multiple Work or School accounts in the Microsoft Authenticator app on Apple iOS-based devices. For the Public Preview of this feature, meet the following requirements to be able to use the Authenticator App for Passwordless Sign-ins to multiple Work or School accounts during the …

A Critical Vulnerability in Netwrix' Auditor may lead to Active Directory and Azure AD compromise

On June 6th, 2022, Netwrix released Auditor v10.5. In this version, a remote code execution vulnerability is addressed. Since Auditor is typically executed with extensive privileges in an Active Directory environment, an attacker would be able to compromise the Active Directory forest and/or Azure AD tenant. About Netwrix: Netwrix empowers information security and governance professionals …

The Second Edition of the Active Directory Administration Cookbook is now available

Slightly over three years ago, my first book was published. These past few months, I've been working with Packt to write my second book: the Active Directory Administration Cookbook, Second Edition. Starting today, July 15th 2022, you can find physical copies of it on shelves at Amazon. What you'll find is 696 pages filled with …