The FusterCluck that is Power Platform’s Identity and Delegation model

Recently, I had some experiences with the Power Platform. As an identity guy, I was appalled at what I found as Microsoft’s identity and delegation model for these services. Let me tell you why. About the Power Platform Microsoft’s Power Platform consists of four distinct products and services: Power BIThrough dashboards, Power BI can present … Continue reading "The FusterCluck that is Power Platform’s Identity and Delegation model"

An Out of Band Update resolves the Authentication issues introduced by the May 10 2022 Windows Updates

Ever since the news broke that the May 2022 Windows Updates cause Active Directory Authentication Failures in environments where certificate-based authentication is in use, many organizations have held off on installing these updates on their domain controllers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) even went as far as advising against installing the updates … Continue reading "An Out of Band Update resolves the Authentication issues introduced by the May 10 2022 Windows Updates"

I’m speaking at NIC X

For its tenth edition, the annual Nordic Infrastructure Conference (NICConf) has invited Raymond Comvalius and me to deliver a session again. It’s our sixt edition of this fantastic event and we’re looking forward to it! About the Nordic Infrastructure Conference The Nordic Infrastructure Conference (NICConf) provides IT and business professionals with unmissable networking and learning … Continue reading "I’m speaking at NIC X"

Identity-related sessions at Microsoft Build 2022

Microsoft organizes Microsoft Build 2022 as a free digital event between Monday May 24th 5 PM CEST and Thursday May 26th 11 AM CEST. Microsoft Build is Microsoft’s annual conference event, aimed at software engineers and web developers using Windows, Microsoft Azure and other Microsoft technologies. First held in 2011, it serves as a successor … Continue reading "Identity-related sessions at Microsoft Build 2022"

The May 2022 Windows Updates may cause Active Directory Authentication Failures

The May 2022 updates for all supported versions of Windows Server may cause Active Directory authentication failures. Microsoft is investigating the issue. A workaround is available for organizations experiencing issues. The situation The Windows updates of May 10th, 2022, address several vulnerabilities on Domain Controllers, including several of the ten LDAP Remote Code Execution vulnerabilities … Continue reading "The May 2022 Windows Updates may cause Active Directory Authentication Failures"

I’m speaking at Techorama Belgium 2022

I’m proud to share that I’ll be presenting at Techorama Belgium for the fourth time as an accepted speaker for Techorama Belgium 2022. About Techorama Techorama Belgium is a yearly international technology conference that takes place at Kinepolis Metropolis Antwerp. Techorama welcomes 1700 attendees, a healthy mix between developers, IT Professionals, Data Professionals and SharePoint … Continue reading "I’m speaking at Techorama Belgium 2022"

The May 2022 Patch Tuesday addresses an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8)

When looking at the May 2022 Patch Tuesday today, I noticed an update that specifically addresses an LSA Spoofing vulnerability. This vulnerability is specific to Domain Controllers (in the default configuration), so this sparked my interest in the update. About the vulnerability A spoofing vulnerability exists in the Windows Local Security Authority (LSA). This vulnerability … Continue reading "The May 2022 Patch Tuesday addresses an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8)"

The May 2022 Patch Tuesday addresses 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 9.8)

When looking at the May 2022 Patch Tuesday today, I noticed ten updates that specifically address Remote Code Execution (RCE) vulnerabilities in Windows LDAP. These vulnerabilities are specific to Domain Controllers (in the default configuration), so this sparked my interest in these updates. Ten Windows LDAP RCE vulnerabilities Ten Windows LDAP remote code execution vulnerabilities … Continue reading "The May 2022 Patch Tuesday addresses 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 9.8)"

On-premises Identity-related updates and fixes for April 2022

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates. This is the list of Identity-related updates and fixes we saw for April 2022: Windows Server 2016 We observed the following update for Windows Server 2016: … Continue reading "On-premises Identity-related updates and fixes for April 2022"

What's New in Azure Active Directory for April 2022

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for April 2022: What’s New Microsoft Defender for Endpoint Signal in Identity … Continue reading "What's New in Azure Active Directory for April 2022"