Azure AD Connect can configure a lot of the requirements it needs automatically. One of the things it can configure for you is the AD Connector account, the account that is used to read and write into Active Directory. However, Azure AD Connect also provides PowerShell cmdlets to configure and secure AD Connector accounts of … Continue reading "KnowledgeBase: You experience Errors with EventID 33007 and 33008 when people try to use Azure AD Self-service Password Reset"
During the installation of Azure AD Connect, you can select the option to use an alternative location. In this case, the Microsoft Azure AD Sync folder is stored in the alternative location, but the Microsoft Azure AD Connect folder isn’t. The situation When you work with Hybrid Cloud Trust, you need the AzureAdKerberos PowerShell module. … Continue reading "KnowledgeBase: You can’t use the AzureADKerberos PowerShell Module on Azure AD Connect installations in a custom installation location"
This week, on its Patch Tuesday for August 2022, Microsoft released a patch that addresses a critical vulnerability (CVE-2022-34691) in Active Directory Domain Services (AD DS). About the vulnerability An Elevation of Privilege (EoP) vulnerability exists in Active Directory Domain Services (AD DS). The vulnerability can be exploited over the network with low complexity … Continue reading "An Elevation of Privilege vulnerability in Active Directory affects Certification Authorities (Critical, CVE-2022-34691)"
Microsoft offers Hybrid Cloud Trust as a way to offer people with synchronized Work or School accounts on Azure AD-joined device seamless single sign-on access to Active Directory-integrated resources. When they sign in with Windows Hello for Business (WHfB), the Active Directory-integrated functionality doesn’t prompt for username and password. How Hybrid Cloud Trust works Under … Continue reading "TODO: Periodically reset the password for the KRBTGT_AzureAD account when using Hybrid Cloud Trust"
Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for July 2022: What’s New Here’s what’s new: No more waiting, provision … Continue reading "What's New in Azure Active Directory for July 2022"
Ever since Microsoft announced the deprecation of Azure AD Connect version 1.x, many organizations have migrated to Azure AD Connect v2.x. However, one of the big features that have been missing from version 2.x is the ability to automatically upgrade to newer versions. Azure AD Connect v126.96.36.199 was the first v2.x to be announced with … Continue reading "Azure AD Connect v188.8.131.52 ensures Automatic Upgrades are possible"
Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures. It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches … Continue reading "What's New in Microsoft Defender for Identity in July 2022"
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates. This is the list of Identity-related updates and fixes we saw for July 2022: Windows Server 2016 We observed the following update for Windows Server 2016: … Continue reading "On-premises Identity-related updates and fixes for July 2022"
This week, Microsoft announced the availability of Passwordless Phone Sign-in for multiple Work or School accounts in the Microsoft Authenticator app on Apple iOS-based devices. For the Public Preview of this feature, meet the following requirements to be able to use the Authenticator App for Passwordless Sign-ins to multiple Work or School accounts during the … Continue reading "Requirements to use Passwordless Phone Sign-in for multiple Work or School accounts"
On June 6th, 2022, Netwrix released Auditor v10.5. In this version, a remote code execution vulnerability is addressed. Since Auditor is typically executed with extensive privileges in an Active Directory environment, an attacker would be able to compromise the Active Directory forest and/or Azure AD tenant. About Netwrix Netwrix empowers information security and governance professionals … Continue reading "A Critical Vulnerability in Netwrix' Auditor may lead to Active Directory and Azure AD compromise"