What’s New in Identity from Microsoft Inspire 2020

Microsoft Inspire is Microsoft’s annual event where it kicks off its fiscal year with its partner community. Inspire is Microsoft’s way to explain what’s coming in the year ahead and work together to find shared solutions for customers. This year’s Inspire event brought us the following Identity-related news: New Surface Hub OS featuring Azure …

Achieving Active Directory-as-a-Service with VMware vRealize Orchestrator

VMware’s vRealize Orchestrator is a product used by many virtualization admins to automate common tasks. Today, we’re looking at using vRealize Orchestrator to enable automation of common Active Directory tasks, so Active Directory admins may benefit from this solution using the publicly available blueprints for Active Directory. About vRealize Orchestrator vRealize Orchestrator helps simplify …

Three ways to use Site Recovery Manager with virtualized Domain Controllers

One of the benefits of virtualizing machines is the built-in resiliency of the underlying virtualization platform. In many vSphere environments consisting of multiple datacenters, this resiliency is expanded with Site Recovery Manager. There are, however, some things you’ll want to know about using Site Recovery Manager in combination with virtualized Domain Controllers. As usual, not …

Identity-related Sessions at Microsoft Inspire 2020

Microsoft Inspire is Microsoft’s annual event where it kicks off its fiscal year with its partner community. Inspire is Microsoft’s way to explain what’s coming in the year ahead and work together to find shared solutions for customers. As all of Microsoft’s events will have a focus on online events until July 2021, Microsoft Inspire …

KnowledgeBase: If one of the address families on a dual stack Domain Controller is not enabled, adding VMware ESXi hosts to the domain might randomly fail

There is an issue in VMware ESXi 7.0, where adding ESXi hosts to Active Directory Domain Services fails randomly in networks with both IPv4 and IPv6 enabled. The situation In many environments, VMware vCenter environments or VMware ESXi hosts are added to Active Directory Domain Services to allow for single sign-on with domain accounts …

Keeping virtual Domain Controllers apart on trusted VMware vSphere hosts

Virtualizing Domain Controllers introduces risks that are not present when running non-virtualized Domain Controllers. Two of these problems – running Domain Controllers on hosts with the wrong time and running all Domain Controllers on the same host – can be addressed with one VMware vSphere feature: VM/Host Rules. Additional challenges when running virtualized Domain Controllers We’ve …

On-premises Microsoft Identity-related updates and fixes for June 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for June 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4561616 June 9, 2020 The …

TODO: Upgrade from ADAL to MSAL

Last week, Microsoft announced the deprecation of the Azure Active Directory Authentication Library (ADAL). Going forward, the Microsoft Authentication Library (MSAL) is the supported way to provide authentication with Active Directory and Azure AD in applications. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications …

Protecting virtual Domain Controllers on vSphere with VM Encryption

In the previous post in this series, we looked at Virtualization-based Security and how it may benefit virtualized Domain Controllers. However, VMware vSphere 6.5 and newer versions of vSphere offer one more feature to virtualized Domain Controllers that you might want to look into from both an Active Directory and a Virtualization Platform management point …

Group Policy Elevation of Privilege Vulnerability (CVE-2020-1317, Important)

This Tuesday, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official Common Vulnerabilities and Exposures (CVE) ID is CVE-2020-1317. About the vulnerability An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker …