Azure AD Connect version 2.0.3.0 is here

It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Yesterday, Microsoft released the first version in the 1.6 branch of Azure AD Connect: v2.0.3.0. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their …

The July 2021 Patch Tuesday addresses twelve vulnerabilities for Domain Controllers running as DNS Servers

When looking at the July 2021 Patch Tuesday today, I noticed three updates that specifically address vulnerabilities in the DNS snap-in and nine vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates. Three DNS Snap-in vulnerabilities: There are …

Identity-related sessions at Microsoft Inspire 2021

Microsoft Inspire is Microsoft’s annual event where it kicks off its fiscal year with its partner community. Inspire is Microsoft’s way to explain what’s coming in the year ahead and work together to find shared solutions for customers. As all of Microsoft’s events will have a focus on online events until July 2021, Microsoft Inspire …

TODO: Disable the Print Spooler service on Domain Controllers

Today, the news reached me that CVE-2021-1675 is weaponized to compromise Domain Controllers. This is actually already happening in the real world, leading to a ‘zero day’ vulnerability event. Luckily, the vulnerability can be easily thwarted with a simple configuration change on Domain Controllers: disabling the Print Spooler service. Not a big change, but there …

The videos of my two Netwrix US webinars are now available

On May 18th and May 20th, I presented two distinct webinars on Active Directory and Azure AD Better Together. I presented these webinars together with Netwrix’ David Metzgar. The Microsoft cloud offers a wealth of benefits, from powerful enterprise applications and built-in high availability to predictable costs. But most organizations still need their on-premises IT …

Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)

This month’s Patch Tuesday, Microsoft addresses a vulnerability that exists in the Windows Kerberos implementation for AppContainers. With a CVSSv3 score of 9.4/8.2, this is a critical update that should be remediated with the highest priority. About AppContainers: Isolation is the primary goal of an AppContainer execution environment. By isolating an application from unneeded …

I’m presenting two more Active Directory and Azure AD Better Together webinars

After the huge success of my previously co-presented Active Directory and Azure AD Better Together webinars for their US audience, Netwrix and I have decided to organize these webinars again for people in Europe, Africa and the Middle East. On June 23rd and June 25th, Netwrix’ Russel McDermott and I discuss how Active Directory and Azure …

Preparing Active Directory for Windows 10 version 21H1

Microsoft has released a new version of Windows 10, dubbed version 21H1. This version brings new functionality that many organizations are eager to utilize. In many organizations, Windows-based devices are joined to Active Directory Domain Services (AD DS), so devices can be managed centrally and end-users can sign in on any domain-joined device of their liking. …

Default checks to perform when implementing Hybrid Identity, Part 5: Groups with non-linked-value replication-enabled members

Microsoft has introduced an impressive array of technologies and an awesome vision on Hybrid Identity. Their vision entails seamless access to corporate resources, services and applications for people, no matter where these resources, services and apps are located (either on-premises or in the cloud) while in the meantime allowing for strong authentication and granular …

On-premises Identity-related updates and fixes for April 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for April 2021: Windows Server 2016: We observed the following update for Windows Server 2016: KB5001347, April 13, 2021. The …