Skip to Content

Category Archives: Active Directory

Active Directory

TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes

Written on February 13, 2020 at 3:38 PM, by

In many Active Directory Domain Services environments, LDAP is a common protocol to provide access to objects and their attributes in the directory. The Lightweight Directory Access Protocol (LDAP) is an open protocol for use with various directory services, including Active Directory. Over the years, Microsoft has been made aware about vulnerabilities in the way […]

On-premises Identity updates & fixes for January 2020

Written on February 7, 2020 at 7:58 PM, by

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for January 2020:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4534271 January 14, 2020 The […]

Deprecation of older Azure AD Connect versions announced for November 1, 2020

Written on January 31, 2020 at 10:51 AM, by

This, week, the Azure AD Connect team made the following announcement on the Azure AD Connect: Version release history page: Starting on November 1st, 2020, we will begin implementing a deprecation process whereby versions of Azure AD Connect that were released more than 18 months ago will be deprecated. At that time we will begin […]

Active Directory, AD FS and Azure AD in terms of Data Privacy

Written on January 28, 2020 at 10:00 PM, by

Today is data privacy day. Today, I’d like to talk about Active Directory and data privacy, because it is an issue that is looming on the horizon for many organizations. I won’t be talking about Domain Controllers getting popped all around the globe, not about the various attacks against Active Directory and how to detect, […]

Requirements per Windows Hello for Business Deployment Type

Written on January 27, 2020 at 10:35 PM, by

Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices.   About Windows Hello for Business In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to […]

HOWTO: Deploy AD FS with SQL Server to gain Artifact Resolution and Replay Detection

Written on January 17, 2020 at 7:20 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing AD FS with a back-end […]

TODO: Install the January 2020 Cumulative Update in your networking infrastructure

Written on January 16, 2020 at 12:41 AM, by

This Tuesday, Microsoft released an update that fixes a critical vulnerability in Windows and Windows Server. I urge you to install this update as soon as possible.   About the vulnerability The vulnerability, labeled CVE-2020-0601 was responsibly disclosed by the NSA to Microsoft. It is dubbed ‘NSACrypt’. A spoofing vulnerability exists in the way Windows […]

HOWTO: Design a networking infrastructure for Hybrid Identity components

Written on January 10, 2020 at 5:45 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive […]

HOWTO: Change the Security Response Headers on AD FS

Written on December 19, 2019 at 4:05 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the security headers for AD FS implementations. Note: This […]

Azure AD Connect version 1.4.38.0 offers some bug fixes

Written on December 9, 2019 at 12:34 PM, by

It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Last Friday, Microsoft released the fourth version in the 1.4 branch of Azure AD Connect: v1.4.38.0. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and […]