Wormable critical vulnerability in http.sys could lead to Remote Code Execution on AD FS Servers running SAC versions of Windows Server (CVE-2021-31166, CVSSv3 9.8/8.5)

This week, on its Patch Tuesday for May 2021, Microsoft released a patch that addresses a highly critical vulnerability (CVE-2021-31166) in http.sys. About http.sys Http.sys is a web server for ASP.NET Core that only runs on Windows. HTTP.sys is an alternative to Kestrel server and offers some features that Kestrel doesn't provide. Http.sys can run … Continue reading "Wormable critical vulnerability in http.sys could lead to Remote Code Execution on AD FS Servers running SAC versions of Windows Server (CVE-2021-31166, CVSSv3 9.8/8.5)"

KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update

Troubleshooting IT problems is hard. Troubleshooting problems that arise on end-user devices around the  same time as these devices automatically update should be simpler, but can be just as hard. Today, let’s talk about some behavior we’re seeing at some organizations surrounding the May 2021 Cumulative Update for Windows 10. The situation Within the organization, … Continue reading "KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update"

The May Cumulative update fixes several Azure AD Join issues on Windows 10

Just like every month, Microsoft released cumulative quality updates to its supported Operating Systems in June 2021. This month’s updates, however, show a particular focus on several fixes for Azure AD-joined and Hybrid Azure AD-joined Windows 10 devices running Windows 10 version 1809 and beyond. Let’s take a look: Note: Windows 10 version 1809 has … Continue reading "The May Cumulative update fixes several Azure AD Join issues on Windows 10"

Keeping up to date as an organization: Track Microsoft 365 Message Center messages in Planner

One of the questions I ask every new colleague is how they are keeping up with the new and changed features in Azure and Microsoft 365. For individuals, it’s hard to keep up, but in many organizations, the IT department is having an even harder time doing so. This might have multiple reasons: They’re overwhelmed … Continue reading "Keeping up to date as an organization: Track Microsoft 365 Message Center messages in Planner"

Default checks to perform when implementing Hybrid Identity, Part 5: Groups with non-linked-value replication-enabled members

Microsoft has introduced an impressive array of technologies and an awesome vision on Hybrid Identity. Their vision entails seamless access to corporate resources, services and applications for people, no matter where these resources, services and apps are located (either on-premises or in the cloud) while in the mean time allowing for strong authentication and granular … Continue reading "Default checks to perform when implementing Hybrid Identity, Part 5: Groups with non-linked-value replication-enabled members"

On-premises Identity-related updates and fixes for April 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for April 2021: Windows Server 2016 We observed the following update for Windows Server 2016: KB5001347 April 13, 2021 The … Continue reading "On-premises Identity-related updates and fixes for April 2021"

What's New in Azure Active Directory for April 2021

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for April 2021: What’s Planned Users can only create security and Microsoft … Continue reading "What's New in Azure Active Directory for April 2021"

I’m presenting two Active Directory and Azure AD Better Together webinars with Netwrix

On May 18th, 2021 and May 20th, 2021 I’ll present 1-hour webinar sessions with Netwrix. Together with Netwrix, I’ll discuss how Active Directory and Azure AD are better together. You’ll learn how you can benefit from integrating your on-premises Active Directory Domain Services environment with Azure AD, how to harden your hybrid environment, how to … Continue reading "I’m presenting two Active Directory and Azure AD Better Together webinars with Netwrix"

KnowledgeBase: VMware Tools Quiescence corrupts Active Directory backups

Sometimes, IT issues are not what they seem to be. A strange issue reared its ugly head last week regarding something I hold dearly: Active Directory backups. The situation An organization runs Active Directory Domain Controllers virtually on top of VMware vSphere. The VMware Tools are installed on the virtual machine. The organization creates backups … Continue reading "KnowledgeBase: VMware Tools Quiescence corrupts Active Directory backups"

From the field: A colleague encounters error “AADSTS50107 Requested federation realm object does not exist.”

Sometimes, you hit error messages that are just too vague to troubleshoot. I like these kinds of situations. I’ve hit this particular error before, but Microsoft fixed the issue with the 515 rID a long time ago… Let’s see what’s happening today causing the same error. The situation An organization has recently restructured. Today, all … Continue reading "From the field: A colleague encounters error “AADSTS50107 Requested federation realm object does not exist.”"