Skip to Content

Category Archives: Azure Active Directory

Azure Active Directory

HOWTO: Enable Auditing and Logging for AD FS Servers and the AD FS Farm

Written on August 15, 2019 at 11:26 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at auditing and logging settings on AD FS Servers. Note: […]

What’s New in Azure Active Directory for July 2019

Written on August 9, 2019 at 11:02 AM, by

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for July 2019:   What’s Planned Application Proxy service update to support […]

HOWTO: Disable unnecessary AD FS endpoints

Written on August 6, 2019 at 8:07 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary endpoints they […]

HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect

Written on July 30, 2019 at 10:05 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes all Web Application Proxies, AD FS servers and Azure AD Connect installations run Windows […]

HOWTO: Enforce Azure AD Connect to use TLS 1.2 only

Written on July 30, 2019 at 10:00 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes Azure AD Connect runs on a Windows Server 2016 with Desktop Experience (“Full installation”) […]

HOWTO: Disable Unnecessary Services and Scheduled Tasks on Windows Servers running Azure AD Connect

Written on July 16, 2019 at 2:12 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes you’re running Azure AD Connect as domain-joined Windows Server 2016 with Desktop Experience (“Full […]

What’s New in Azure Active Directory for June 2019

Written on July 5, 2019 at 3:25 PM, by

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for June 2019:                          What’s New New riskDetections API for Microsoft Graph […]

HOWTO: Disable Unnecessary Services and Scheduled Tasks on AD FS Servers

Written on July 4, 2019 at 10:02 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary services running […]

HOWTO: Disable Unnecessary Services on Web Application Proxies

Written on July 2, 2019 at 10:04 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Let’s harden the Web Application Proxy installations, by disabling unnecessary services running on it. This way, we lower […]

Knowledgebase: Azure AD Connect’s Seamless SSO breaks when you disable RC4_HMAC_MD5

Written on June 25, 2019 at 7:36 AM, by

It’s a recommended practice to disable weak ciphers and encryption algorithms. Some standards require this. As technology evolves, the list of available ciphers and their priority in encryption negotiations changes. This limits the risk of losing confidentiality on communications between systems, applications and (cloud) services. While you’ve probably heard of disabling 3DES and all versions […]