An Out-of-Band Update addresses Azure AD sign-in problems on Windows ARM-based devices

After installing the June 2022 Cumulative update on a Windows ARM-based device, people might be unable to sign in using Azure Active Directory (Azure AD). Now there is an update available to address this issue, without having to resort to uninstalling the June 2022 Cumulative update or without having to rely on the web-based versions … Continue reading "An Out-of-Band Update addresses Azure AD sign-in problems on Windows ARM-based devices"

Another Critical Active Directory Certificate Services NTLM Relay Vulnerability allows for Domain Takeover (DFSCoerce, Critical)

This week, new Proof of Concept code was publicly published to coerce a Certificate Authority (CA) to authenticate the domain controller using NTLM. This vulnerability was named DFSCoerce and has been published by Filip Dragovic. It is another vulnerability in the PetitPotam (or PrintNightmare) family of vulnerabilities, and is as difficult to mitigate as former … Continue reading "Another Critical Active Directory Certificate Services NTLM Relay Vulnerability allows for Domain Takeover (DFSCoerce, Critical)"

TODO: Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur

Admins who are using Azure AD Connect are currently receiving email notifications when there are synchronization errors in the Azure AD Connect synchronization process. However, after mid-June 2022, admins who have not enabled Azure AD Connect Health email notifications will no longer receive synchronization error notification emails for their tenants. Microsoft has migrated this functionality … Continue reading "TODO: Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur"

HOWTO: Detect NTLMv1 Authentication

Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Before Windows 2000 Server and Active Directory, in the Windows NT era when servers were beige and server racks from wood, authentication on networks was NTLM-based. Windows 2000 Server introduced Microsoft’s Kerberos implementation, but even today NTLM continues to be used. … Continue reading "HOWTO: Detect NTLMv1 Authentication"

HOWTO: Identify Azure AD-integrated apps and services that still rely on ADAL

While initially communicated for June 30th, 2022, the deprecation of the Azure Active Directory Authentication Library (ADAL) has been postponed to December 2022. No doubt, this has to do with the continued use of the Azure Active Directory Authentication library (ADAL) in many apps and services. Since this month, Microsoft has made an Azure AD … Continue reading "HOWTO: Identify Azure AD-integrated apps and services that still rely on ADAL"

I’m speaking at the GET-IT Microsoft Cloud Security and Compliance Conference

A few weeks ago, I was invited as a speaker for Petri.com’s GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference on June 23rd, 2022. About the GET-IT Microsoft Cloud Security and Compliance Conference GET-IT Conferences are 1-day virtual events, organized by Petri.com. The upcoming GET-IT Conference has cloud security and compliance as its topic. … Continue reading "I’m speaking at the GET-IT Microsoft Cloud Security and Compliance Conference"

What's New in Microsoft Defender for Identity in May 2022

Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures. It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches … Continue reading "What's New in Microsoft Defender for Identity in May 2022"

What's New in Azure Active Directory for May 2022

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for May 2022: What’s Planned Tenant-based service outage notifications General Availability Service … Continue reading "What's New in Azure Active Directory for May 2022"

On-premises Identity-related updates and fixes for May 2022

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates. This is the list of Identity-related updates and fixes we saw for May 2022:   Windows Server 2016 We observed the following update for Windows Server … Continue reading "On-premises Identity-related updates and fixes for May 2022"