What's New in Azure Active Directory for November 2020

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for November 2020: What’s Planned Azure Active Directory TLS 1.0, TLS 1.1 …

The video of our presentation at Veeam Live is now available

Veeam organized its Veeam Live event on October 20th, 2020. Veeam is defining the future of cloud data solutions and helping today’s businesses securely and reliably protect and easily recover their data. At Veeam Live, they offered data protection management guidance, showed how to up your data protection game and made it possible to connect with like-minded …

KnowledgeBase: The WID Service consumes 100% CPU after transitioning AD FS Servers

This week, I encountered unexpected behavior with Active Directory Federation Services (AD FS) on a Windows Server installation that an organization had recently transitioned to from an AD FS server running a previous version of Windows Server. I’m sharing my experiences, so others may benefit from our troubleshooting and solution. The situation Your organization …

TODO: Stream additional logs from Azure AD for optimal visibility

Over the past six months, I’ve shown you ways to get to know the devices that people in your organization use App Passwords on, set an alert to notify when an additional person is assigned the Azure AD Global Administrator role and set an alert to notify when an Azure AD emergency access account is …

HOWTO: Get rid of the Conditional Access Baseline Policies in your Azure AD tenant

In September 2018, Microsoft introduced the concept of Conditional Access baseline policies. Baseline policies were superseded by Security Defaults, and starting February 2020 the Baseline Conditional Access policies were disabled in all Azure AD tenants. However, these lingering baseline policies are all Off and cannot be turned on. They can also not be removed from …

Two vulnerabilities in VMware ESXi may lead to virtual Domain Controller compromise (Critical, VMSA-2020-0026, CVE-2020-4004, CVE-2020-4005)

Today, VMware released an update that addresses a use-after-free vulnerability in the XHCI USB controller (CVE-2020-4004) and a VMX elevation-of-privilege vulnerability (CVE-2020-4005). Together these two vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. The two vulnerabilities were responsibly disclosed to VMware by …

Experiences with Zero Trust

Recently, people responsible for identity, security and governance have embraced the vision of Zero Trust. It is the logical evolution of our thinking towards an actionable, more thorough and holistic approach to access, based on the mantra ‘trust no-one, verify everything’. Today, I'm sharing my early experiences in this field. The idea of Zero …

TODO: Require MFA from four more Azure AD Roles through your Conditional Access Policies

As part of MC224734, Microsoft has communicated publicly that they are requiring multi-factor authentication (MFA) from four more Azure AD privileged roles through the Security Defaults functionality. Organizations leveraging Conditional Access to require MFA from privileged accounts should take note. About Security Defaults Security Defaults is an Identity security feature. When enabled, it requires …

KnowledgeBase: The Conditional Access APIs do not currently support Preview conditions

During Microsoft’s Ignite event in September 2020, the Conditional Access Application Programming Interfaces (APIs) were announced as Generally Available. We’ve covered this change in our recap of Identity-related Announcements from Microsoft Ignite 2020. Barbara Forbes and I are in the process of creating several solutions for Conditional Access administrators that rely on the Conditional Access …

I’m speaking at IT Pro | Dev Connections Greece 2020

I will be speaking at the upcoming IT Pro | Dev Connections Greece conference on the weekend of December 12th and 13th, 2020. About IT Pro|Dev Connections IT Pro|Dev Connections is a conference organized by the largest Greek communities for everyone in the Computer and Information Technology industry. The content focuses on products, technologies …