Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. User objects with the Global administrator role are the highest privileged objects in Azure AD and should be monitored. The challenge with Global Admins Some organizations have opted for a Technical State … Continue reading "HOWTO: Set an alert to notify when an additional person is assigned the Azure AD Global Administrator role"
Last month, Microsoft has announced the deprecation of the Azure Active Directory Graph API (graph.windows.net). Going forward, the Microsoft Graph API (graph.microsoft.com) is the supported way to gain access to Azure Active Directory programmatically. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications and tools communicating … Continue reading "TODO: Move from the Azure AD Graph API to the Microsoft Graph API"
Azure AD Connect is a crucial component in today’s Hybrid Identity strategies. This tool takes care of the synchronization of objects and their attributes from an on-premises Active Directory environment to Azure AD. In some scenarios, it also takes care of authentication when accessing Azure AD-integrated applications. As with any system in a networking infrastructure, … Continue reading "HOWTO: Perform an Azure AD Connect Swing Migration"
One of the benefits of virtualizing machines is the built-in resiliency of the underlying virtualization platform. In many vSphere environments consisting of multiple datacenters, this resiliency is expanded with Site Recovery Manager. There are, however some things you’ll want to know about using Site Recovery Manager in combination with virtualized Domain Controllers. As usual, not … Continue reading "Three ways to use Site Recovery Manager with virtualized Domain Controllers"
Yesterday, Microsoft released updates for all supported versions of Windows and Windows Server to address a remote code execution vulnerability in DNS Server, marked as critical. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-1350. About the vulnerability A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they … Continue reading "Windows DNS Server Remote Code Execution Vulnerability (SIGred, Wormable, Critical, CVE-2020-1350)"
On July 30th, 2020, I’ll present an 1-hour webinar with Netwrix. Together with Russell McDermott I’ll discuss the three approaches to cloud migration. Three Approaches to Cloud Migration Thursday July 30th, 2020, 2PM BST / 3PM CEST This is a topic that is near to my heart, as I see many organization struggle with … Continue reading "I’m hosting a webinar with Netwrix on Three approaches for migrating to the cloud"
Microsoft Inspire is Microsoft’s annual event where it kicks off its fiscal year with its partner community. Inspire is Microsoft’s way to explain what’s coming in the year ahead and work together to find shared solutions for customers. As all of Microsoft’s events will have a focus on online events until July 2021, Microsoft Inspire … Continue reading "Identity-related Sessions at Microsoft Inspire 2020"
Last Friday, a new version of Azure AD Connect was released: version 220.127.116.11. This version offers Import/Export functionality and a couple of fixes. After every fresh major release of Azure AD Connect by Microsoft, several smaller hotfix releases update the functionality to prevent issues where administrators are not able to perform certain configurations or gain … Continue reading "Azure AD Connect v18.104.22.168 introduces Exporting and Importing Configurations"
Office for the Web (previously known as Office Web Apps) is one of the nicest features in Microsoft 365. It allows people to view and interact with documents in their web browser, without the need to install or use any of the native Microsoft 365 apps. Alas, there are some privacy concerns, and some organizations … Continue reading "HOWTO: Disable Office for the Web for your Microsoft 365 users"
There is an issue in VMware ESXi 7.0, where adding ESXi hosts to Active Directory Domain Services fails randomly in networks with both IPv4 and IPv6 enabled. The situation In many environments, VMware vCenter environments or VMware ESXi hosts are added to Active Directory Domain Services to allow for single sign-on with domain accounts … Continue reading "KnowledgeBase: If one of the address families on a dual stack Domain Controller is not enabled, adding VMware ESXi hosts to the domain might randomly fail"