Passing Microsoft Exam 70-742: Identity with Windows Server 2016

There is a good and free way to prepare for Microsoft exam 70-742: Identity with Windows Server 2016. In the past years, I conducted webinars that can serve as a primer on Active Directory in terms of forests, domains, trusts, security and on Group Policy. They are not and were never intended as the sole …

Windows Server 2016’s August 2018 Quality Update brings several Active Directory fixes

Windows Server 2016’s August 2018’s Cumulative Quality Update, bringing the OS version to 14393.2457, offers a total of four fixes for issues you might be experiencing on your Windows Server 2016-based Domain Controllers and Active Directory Federation Services (AD FS) Servers. About Windows Server 2016 Updates: Microsoft issues two major updates each month for …

A Vulnerability in AD FS allows for bypassing the MFA Security Feature (CVE-2018-8340, Important)

Last Tuesday, during Microsoft’s August 2018 Patch Tuesday, Microsoft released an important security update for all supported Operating Systems to address a security feature bypass vulnerability that exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests. About the vulnerability: Malicious actors often compromise passwords to initiate and expand security breaches. …

Windows Server 2016’s July 2018 Quality Update brings four Active Directory Federation Services fixes

Windows Server 2016’s July 2018’s Cumulative Quality Update, bringing the OS version to 14393.2395, offers four fixes for issues you might be experiencing on your Windows Server 2016-based Active Directory Federation Services (AD FS) Servers and Web Application Proxies. About Windows Server 2016 Updates: Microsoft issues two major updates each month for Windows Server …

Configuring Account Lockout throughout a Hybrid Identity Environment

Denial of Service attacks on identity and access systems are commonplace. If you think you’re done once you’ve covered all the bases with account lock-out in your on-premises Active Directory Domain Services (AD DS) environment, you’re wrong. Hybrid Identity requires more effort and Microsoft only made the tools you need generally available this month. …

Active Directory Federation Services Extranet Smart Lock-out

On March 22, with its Windows Server 2016 March 2018 Quality Update (KB4088889), Microsoft not only addressed two issues in Active Directory Domain Services, but also introduced a new feature to Active Directory Federation Services (AD FS): Extranet Smart Lock-out. This feature enhances the Extranet Lock-out feature that has been present in Active Directory …

Pro Tip! Use the claim rules from ADFSHelp for your ‘Office 365 Identity Platform’ Relying Party Trust

Whenever I talk about the claim rules in Active Directory Federation Services (AD FS) for the ‘Office 365 Identity Platform’ Relying Party Trust (RPT), between the on-premises AD FS implementation and Azure AD, I get the following question: How do we manually set up the advanced claim rules that Azure AD Connect configures automatically? Let’s …

Windows Server 2016’s February 2018 Quality Update comes highly recommended for AD FS Servers and Web Application Proxies

Windows Server 2016’s February 2018’s Cumulative Quality Update, bringing the OS version to 14393.2097, offers several fixes for Secure Token Servers (STSs) running Active Directory Federation Services (AD FS) and Web Application Proxies. About Windows Server 2016 Updates: Microsoft issues two major updates each month for Windows Server 2016, as outlined in the Patching …

Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the …

Configuring the Azure AD Connect Health Agent for AD FS on Server Core

When you get serious about security in Hybrid Identity implementations, you would opt to implement AD FS servers and Web Application Proxies as Server Core installations. However, this poses a slight problem with the Azure AD Connect Health Agent for AD FS, because at first glance, you can’t configure it on Server Core installations of …