On-premises Identity-related updates and fixes for October 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for October 2023: Windows Server 2016 We observed the following update …

On-premises Identity-related updates and fixes for August 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for August 2023: Windows Server 2016 We observed the following update …

On-premises Identity-related updates and fixes for May 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for May 2023: Windows Server 2016 We observed the following update …

On-premises Identity-related updates and fixes for March 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for March 2023: Windows Server 2016 We observed the following update …

On-premises Identity-related updates and fixes for February 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for February 2023: Windows Server 2016 We observed the following update …

Manage the use of your AD FS MFA Adapter towards Azure AD with the new federatedIdpMfaBehavior setting

Last month, Microsoft introduced a new setting in Azure AD to protect against bypassing of Azure MFA for organizations that have federated between Azure AD and their on-premises environment. In most cases, organizations that have federated one or more DNS domains with Microsoft 365 (and thus Azure AD) use AD FS to host the ‘Microsoft …

An AD FS Vulnerability may lead to Elevation of Privilege on recent Windows Server versions

This week, on its Patch Tuesday for July 2022, Microsoft released a patch that addresses a vulnerability (CVE-2022-30215) in Active Directory Federation Services (AD FS). About the vulnerability An Elevation of Privilege (EoP) vulnerability exists in Active Directory Federation Services (AD FS). The vulnerability can be exploited over the network and an attacker who successfully exploited …

Wormable Critical HTTP Protocol Stack Remote Code Execution Vulnerability affects Windows Server 2019- and 2022-based AD FS Servers (CVE-2022-21907)

During its Patch Tuesday on January 11th, 2022, Microsoft addressed a Remote Code Execution (RCE) security vulnerability that affects Windows Server 2019- and Windows Server 2022-based Active Directory Federation Services (AD FS) servers. About the vulnerability CVE-2022-21907 details a remote code execution vulnerability that can be used to attack AD FS servers over the internet. …

Three vulnerabilities in AD FS were addressed at this month's Patch Tuesday

When looking at the October 2021 Patch Tuesday today, I noticed three updates that specifically address vulnerabilities in Active Directory Federation Services (AD FS). About the vulnerabilities Three vulnerabilities were addressed today: CVE-2021-40456 AD FS Security Feature Bypass Vulnerability CVE-2021-40456 is a vulnerability that could allow an attacker to bypass BannedIPList entries for WS-Trust workflows …

How to check if Azure AD has processed the hybrid authentication method change

Many organizations with an Azure AD tenant are currently transitioning from federation to Pass-through Authentication (PTA) and/or authentication based on Password Hash Synchronization (PHS). The Staged Roll-out feature is a straightforward way to perform this transition. Microsoft has described how to migrate from federation to cloud authentication in Azure Active Directory using this feature. Note: In …