The Croatian IT Pro User Group asked me to present a 75-minute session on the ‘Ten most common Mistakes with AD FS and Hybrid Identity’ at Microsoft Hrvatska in Zagreb yesterday. This event was shared with the Croatian IT Pros on the Microsoft Community website, and 56 people decided to sign up for the meeting, … Continue reading "Pictures of the Microsoft Community event at Microsoft Hrvatska in Zagreb"
Category: Active Directory Federation Services
Active Directory Federation Services
Pictures of Microsoft Network 6
As I mentioned last week, I was invited as a speaker for the Microsoft Network 6 event in Neum, Bosnia and Herzegovina. The venue for this event is the Grand Hotel Neum, which is a great hotel with superb conference rooms. Combined with Microsofts great staff and the absolutely delightful weather, speakers and attendees, this … Continue reading "Pictures of Microsoft Network 6"
I’ll be speaking at Microsoft Hrvatska for IT Pro User Group Zagreb on April 21
Romeo Mlinar, a Hyper-V MVP from Croatia, asked me to speak at the Microsoft IT Pro User Group Zagreb at Microsoft Hrvatska on Thursday evening April 21, 2016. Since I’m in Croatia and Bosnia Microsoft NetWork/6 anyway, I might as well make myself useful. I will be presenting 75 minutes on: Ten most common mistakes … Continue reading "I’ll be speaking at Microsoft Hrvatska for IT Pro User Group Zagreb on April 21"
Security Thoughts: Update for Active Directory Federation Services to Address Denial of Service (Important, MS16-020, KB3134222, CVE-2016-0037)
Today, Microsoft released MS16-020, a Security Bulletin addressing an issue with Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2. The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive. About Active Directory Federation … Continue reading "Security Thoughts: Update for Active Directory Federation Services to Address Denial of Service (Important, MS16-020, KB3134222, CVE-2016-0037)"
AD FS Certificates Best Practices, Part 4: Configuring the AD FS Token Signing and -Decrypting Certs for a longer lifetime
Microsoft Active Directory Federation Services implementations, typically, use three certificates for its functionality: Service communication certificate Token-signing certificate Token-decrypting certificate In the past three parts of this series, I’ve discussed the best practices I use when choosing the settings for my service communication certificate (request). Today, I’ll share my best practices for the token-signing certificate … Continue reading "AD FS Certificates Best Practices, Part 4: Configuring the AD FS Token Signing and -Decrypting Certs for a longer lifetime"
AD FS Certificates Best Practices, Part 3: Cryptographic Next Generation (CNG)-generated Private Keys
Because Active Directory Federation Services (AD FS) rely heavily on certificates, you’ll want the most straightforward certificates as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice however, that I’m not recommending to use the strongest certificates for your Active Directory Federation Services (AD FS) implementation… That’s right, you won’t … Continue reading "AD FS Certificates Best Practices, Part 3: Cryptographic Next Generation (CNG)-generated Private Keys"
AD FS Certificates Best Practices, Part 2: Key size
Because Active Directory Federation Services (AD FS) rely heavily on certificates, you’ll want the most straightforward SSL/TLS certificate as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice however, that I’m not recommending to use the strongest certificates for your Active Directory Federation Services (AD FS) implementation? You won’t hear … Continue reading "AD FS Certificates Best Practices, Part 2: Key size"
AD FS Certificates Best Practices, Part 1: Hashing Algorithms
Because Active Directory Federation Services (AD FS) rely heavily on certificates, you’ll want the most straightforward SSL/TLS certificate as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice however, that I’m not recommending to use the strongest certificates for your Active Directory Federation Services (AD FS) implementation? You won’t hear … Continue reading "AD FS Certificates Best Practices, Part 1: Hashing Algorithms"
Vulnerability in Active Directory Federation Services could allow elevation of privilege (Important, CVE-2015-1757, MS15-062)
Today, Microsoft released update 3062577 as part of its June 2015 Patch Tuesday to address a cross-site scripting vulnerability that affects Active Directory Federation Services (AD FS) 2.0 and Active Directory Federation Services (AD FS) 2.1 installations. Note: This means Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 are affected, but Windows … Continue reading "Vulnerability in Active Directory Federation Services could allow elevation of privilege (Important, CVE-2015-1757, MS15-062)"
Video: Join the Virtualized!
Windows 10 brings a huge change when it comes to joining the trusted environment. How does the virtualization of the join change the security paradigm that we got so used to over the past decade. What happens to single sign-on and management of the workplace? Where are the new boundaries of the virtualized territory? How … Continue reading "Video: Join the Virtualized!"