I'm presenting a webinar with Randy Franklin Smith and Netwrix

This Tuesday at 6 PM CEST, I'm presenting a webinar with Randy Franklin Smith's Ultimate Windows Security and Netwrix on ten best practices to securing Active Directory and Azure AD. About Randy Franklin Smith Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes … Continue reading "I'm presenting a webinar with Randy Franklin Smith and Netwrix"

Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations

Admins that have bit the bullet on Azure AD Connect v2 are now eating the sour grapes of that decision, as Microsoft doesn't offer Automatic Upgrades on any of the v2 builds released to date. About Azure AD Connect v2 Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their … Continue reading "Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations"

I'm speaking at the Cloud Identity Summit

On September 30th, 2021, I'll present a 50-minute session on common mistakes with Hybrid Identity at the second Cloud Identity Summit, organized by the Azure Bonn user group. About the Cloud Identity Summit The Cloud Identity Summit aims to bring together people from different areas of Identity and Access Management (IAM) and provide an open … Continue reading "I'm speaking at the Cloud Identity Summit"

Hardening SMB on Domain Controllers, Step 3: Disabling SMB Null sessions

Server Message Block (SMB) is a critical component for any Microsoft-oriented networking environment. That’s why hardening SMB is one of the critical steps in securing Active Directory Domain Controllers. In the first part of this series, I’ve shown you how to report on incoming SMB connections on your Active Directory Domain Controllers. Now, let’s put … Continue reading "Hardening SMB on Domain Controllers, Step 3: Disabling SMB Null sessions"

VMware fixes 19 vulnerabilities in vCenter Server (VMSA-2021-0020)

Today, VMware released an update that addresses nineteen vulnerabilities in vCenter Server. These two vulnerabilities can be used to compromise vCenter Server installations and the ESXi host they manage. Note: The vulnerabilities exist in VMware Cloud Foundation, too.   About vCenter Server VMware vCenter Server, formerly known as VirtualCenter, is the centralized management tool for … Continue reading "VMware fixes 19 vulnerabilities in vCenter Server (VMSA-2021-0020)"

ProTip! Use USMT GUI to migrate HAADJ to AADJ profiles

Lately, Microsoft is advocating moving away from the Hybrid Azure AD Join model to the Azure AD Join model, leaving the traditional domain-join model behind. Microsoft feels it’s time to leave ye ol’ Active Directory behind, but a lot of settings, preferences, files and folders are still part of this legacy. They are part of … Continue reading "ProTip! Use USMT GUI to migrate HAADJ to AADJ profiles"

Azure AD Connect v2.0.25.1 addresses a security issue and other bugs

The lost two months have been a bonanza for Azure AD Connect releases. What started out with the first v2 release on July 20th, led to a security release three weeks later and two bug fix releases another week later. Now, four weeks after that last release, Azure AD Connect v2.0.25.1 sees the light. It … Continue reading "Azure AD Connect v2.0.25.1 addresses a security issue and other bugs"

Hardening SMB on Domain Controllers, Step 2: Disabling SMBv1

Server Message Block (SMB) is a critical component for any Microsoft-oriented networking environment. That’s why hardening SMB is one of the critical steps in securing Active Directory Domain Controllers. In the first part of this series, I’ve shown you how to report on incoming SMB connections on your Active Directory Domain Controllers. Now, let’s put … Continue reading "Hardening SMB on Domain Controllers, Step 2: Disabling SMBv1"

KnowledgeBase: The Windows Server 2022 Active Directory DFL and FFL do not exist

Just as there are no Windows Server 2019 Forest Functional Level (FFL) or Windows Server 2019 Domain Functional Level (DFL), there are no Windows Server 2022 FFL or DFL either in Microsoft Windows Server’s Active Directory Domain Services (AD DS).   Impact The unavailability of the Windows Server 2022 Forest Functional Level (FFL) and Windows … Continue reading "KnowledgeBase: The Windows Server 2022 Active Directory DFL and FFL do not exist"

Hornetsecurity’s 365 Threat Monitor: Get rid of unwanted and potentially dangerous messages

Any messaging administrator will tell you that it’s hard to fight against spam. As we read about most cybersecurity incidents starting with (spear)phishing attacks, it also becomes increasingly clear messaging administrators in small and medium-sized business need to work harder or smarter to protect their colleagues. Messaging in the modern age Many organizations started their … Continue reading "Hornetsecurity’s 365 Threat Monitor: Get rid of unwanted and potentially dangerous messages"