Microsoft offers Hybrid Cloud Trust as a way to offer people with synchronized Work or School accounts on Azure AD-joined device seamless single sign-on access to Active Directory-integrated resources. When they sign in with Windows Hello for Business (WHfB), the Active Directory-integrated functionality doesn’t prompt for username and password. How Hybrid Cloud Trust works … Continue reading "TODO: Periodically reset the password for the KRBTGT_AzureAD account when using Hybrid Cloud Trust"
Category: Systems Administration
Systems Administration
ENow Software provides the ideal basis for your Active Directory Zero Trust Journey
The world is different from five years ago. After the successful SolarWinds attack in 2020, where attackers gained access to Microsoft’s systems, Microsoft aligned itself with NIST’s approach towards a zero-trust architecture. This changes everything. In contrast to previous security models, in Microsoft’s defense in depth approach Identity and Access is the first layer of … Continue reading "ENow Software provides the ideal basis for your Active Directory Zero Trust Journey"
TODO: Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur
Admins who are using Azure AD Connect are currently receiving email notifications when there are synchronization errors in the Azure AD Connect synchronization process. However, after mid-June 2022, admins who have not enabled Azure AD Connect Health email notifications will no longer receive synchronization error notification emails for their tenants. Microsoft has migrated this functionality … Continue reading "TODO: Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur"
HOWTO: Detect NTLMv1 Authentication
Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Before Windows 2000 Server and Active Directory, in the Windows NT era when servers were beige and server racks from wood, authentication on networks was NTLM-based. Windows 2000 Server introduced Microsoft’s Kerberos implementation, but even today NTLM continues to be used. … Continue reading "HOWTO: Detect NTLMv1 Authentication"
HOWTO: Identify Azure AD-integrated apps and services that still rely on ADAL
While initially communicated for June 30th, 2022, the deprecation of the Azure Active Directory Authentication Library (ADAL) has been postponed to December 2022. No doubt, this has to do with the continued use of the Azure Active Directory Authentication library (ADAL) in many apps and services. Since this month, Microsoft has made an Azure AD … Continue reading "HOWTO: Identify Azure AD-integrated apps and services that still rely on ADAL"
You may encounter authentication issues after installing the November 2021 Cumulative updates
While installing updates is one of the basic information security measures, many organizations hold off on installing updates for Windows Server within 48 hours. This month, we saw another reason why it’s a smart idea to test updates in pre-production environments before deploying them to production domain controllers. After installing the November 2021 cumulative and/or … Continue reading "You may encounter authentication issues after installing the November 2021 Cumulative updates"
Support for vSphere 6.5 and vSphere 6.7 ends in one year
On October 18th, 2016, VMware announced vSphere 6.5 focusing on a simplified experience and improving security features. Today, we're seeing one year of support left for this great product that has served so many organizations well. vSphere 6.5 To me, vSphere 6.5 was a milestone release. Sure, it didn't have the appeal as other … Continue reading "Support for vSphere 6.5 and vSphere 6.7 ends in one year"
Three Active Directory vulnerabilities were addressed in the October 2021 Updates
When looking at the October 12th, 2021 updates today, I noticed three updates that specifically address vulnerabilities in Active Directory Domain Services and DNS. These vulnerabilities affect domain controllers at the heart of many networking infrastructure environments. About the vulnerabilities Three vulnerabilities were addressed: CVE-2021-40460 RPC Runtime Security Feature Bypass Vulnerability CVE-2021-40460 is a vulnerability … Continue reading "Three Active Directory vulnerabilities were addressed in the October 2021 Updates"
Three vulnerabilities in AD FS were addressed at this month's Patch Tuesday
When looking at the October 2021 Patch Tuesday today, I noticed three updates that specifically address vulnerabilities in Active Directory Federation Services (AD FS). About the vulnerabilities Three vulnerabilities were addressed today: CVE-20221-40456 AD FS Security Feature Bypass Vulnerability CVE-2021-40456 is a vulnerability that could allow an attacker to bypass BannedIPList entries for WS-Trust workflows … Continue reading "Three vulnerabilities in AD FS were addressed at this month's Patch Tuesday"
Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations
Admins that have bit the bullet on Azure AD Connect v2 are now eating the sour grapes of that decision, as Microsoft doesn't offer Automatic Upgrades on any of the v2 builds released to date. About Azure AD Connect v2 Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their … Continue reading "Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations"