Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In many environments, tier 0 systems like Azure AD Connect installations are only allowed Internet access through one … Continue reading "HOWTO: Install Azure AD Connect behind an Internet Proxy"
Today, for its January 2021 Patch Tuesday, Microsoft released an important security update for Azure Active Directory Pod Identities. This vulnerability is known as CVE-2021-1677 and rated with CVSSv3.0 scores of 5.5/4.8. About the vulnerability: The Azure AD pod identity feature enables users to assign identities to pods in Kubernetes clusters and fetch them from … Continue reading "Azure Active Directory Pod Identity Spoofing Vulnerability (CVE-2021-1677)"
When you stream Azure AD logs to an Azure Log Analytics workspace, you might do it just to be alerted when an additional person is assigned the Azure AD Global Administrator role or when an Azure AD emergency access account is used. For these purposes, the default retention period for an Azure … Continue reading "HOWTO: Set the Retention Period for the Azure Log Analytics Workspace where you stream Azure AD logs to"
Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for December 2020: What’s New: Azure AD B2C Phone Sign-up and … Continue reading "What's New in Azure Active Directory for December 2020"
Today, Raymond and I troubleshot an issue for several people who received the ‘Sorry, we ran into a problem’ error when trying to register their security information. As is our mutual expectation, I decided to document the issue. When you run into the same situation, you might find it helpful. The situation: An Azure … Continue reading "KnowledgeBase: Some users receive an "We're sorry, we ran into a problem" error when registering Azure MFA"
An estimated 97% of all organizations with over 50 people use Active Directory Domain Services (AD DS) as their on-premises directory service. This, however, leaves a lot of organizations with other directories that are largely LDAPv3-compatible. How would these organizations embrace Azure Active Directory, as the world and Microsoft’s investments shift to cloud-based directory services? … Continue reading "Using Azure AD Connect to synchronize Active Directory Lightweight Directory Services (AD LDS) and other LDAPv3 directories to Azure Active Directory"
Working for a leading Microsoft partner in the Netherlands means that we owe it to our people, our community fellows and (prospective) customers to enable every person and every organization to achieve more. That’s why we’re organizing six Hybrid Identity webinars in the first six months of 2021. We want to show you the different … Continue reading "We’re organizing Six Hybrid Identity webinars in the First Half of 2021"
In recent versions of Azure AD Connect, you can use the mS-DS-ConsistencyGUID attribute as the source anchor attribute. This provides flexibility in cross-forest migration scenarios. However, if another solution in the networking environment has already claimed the mS-DS-ConsistencyGUID attribute for its purposes, Azure AD Connect won’t allow you to use this attribute and instead default … Continue reading "HOWTO: Check if you can use the mS-DS-ConsistencyGUID attribute as source anchor for Azure AD Connect"
The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, whose day-to-day job is to architect, manage, and protect identity management in the … Continue reading "The video of my presentation at the 2020 Hybrid Identity Protection Conference is now available"
Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for November 2020: What’s Planned: Azure Active Directory TLS 1.0, TLS 1.1 … Continue reading "What's New in Azure Active Directory for November 2020"