HOWTO: Design a networking infrastructure for Hybrid Identity components

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive …

HOWTO: Change the Security Response Headers on AD FS

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the security headers for AD FS implementations. Note: This …

HOWTO: Enable Azure Multi-factor Authentication on AD FS

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll add an additional layer of information security to authentications that are …

HOWTO: Enable Extended Protection for Authentication on the AD FS Farm

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the extended protection for authentication feature with AD FS. …

On-premises Identity updates & fixes for October 2019

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for October 2019: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4524152 October 3, 2019 The …

From the Field: The case of the unreachable forest on a domain-joined Azure AD Connect installation

Troubleshooting stories from the field are the best. That’s why I like writing them down. Although, sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. Last week I experienced an issue with Azure AD Connect at …

On-premises Identity updates & fixes for September 2019

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for September 2019: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4516044 September 10, 2019 The …

HOWTO: Enable Extranet Smart Account Lockout on the AD FS Farm

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we look at a new feature of Active Directory Federation Services (AD …

HOWTO: Install VASCO’s DIGIPASS Authentication for AD FS

Today, I had the pleasure of installing and configuring OneSpan’s (formerly Vasco’s) DIGIPASS Authentication for Microsoft Active Directory Federation Services (AD FS). Microsoft Docs offers links to documentation for 3rd-party providers with MFA offerings currently available for AD FS, but just like CensorNet’s SMS PASSCODE AD FS Agent, OneSpan’s installation and configuration manual is not …