TODO: Mitigate the Information Disclosure vulnerability caused by improperly configured Azure Migrate applications

Last week, Microsoft issued security guidance on a security issue within Azure Active Directory. In this guidance, Microsoft instructs Azure AD admins to rotate the password for Azure Migrate applications, when these applications have been created prior to November 2, 2021. About the vulnerability CVE-2021-42306 is a vulnerability in the way Azure AD stores the … Continue reading "TODO: Mitigate the Information Disclosure vulnerability caused by improperly configured Azure Migrate applications"

TODO: Change the credentials for Azure Automation Run-As accounts

Last week, Microsoft issued security guidance on a security issue within Azure Active Directory. In this guidance, Microsoft instructs Azure AD admins to rotate the password for Azure Automation Run-As accounts, when these accounts have been created between October 15, 2020 and October 15, 2021. About the vulnerability CVE-2021-42306 is a vulnerability in the way … Continue reading "TODO: Change the credentials for Azure Automation Run-As accounts"

What's New in Azure Active Directory for September 2021

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for September 2021: What's Planned Limits on the number of configured API … Continue reading "What's New in Azure Active Directory for September 2021"

I'm presenting a webinar with Randy Franklin Smith and Netwrix

This Tuesday at 6 PM CEST, I'm presenting a webinar with Randy Franklin Smith's Ultimate Windows Security and Netwrix on ten best practices to securing Active Directory and Azure AD. About Randy Franklin Smith Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes … Continue reading "I'm presenting a webinar with Randy Franklin Smith and Netwrix"

Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations

Admins that have bit the bullet on Azure AD Connect v2 are now eating the sour grapes of that decision, as Microsoft doesn't offer Automatic Upgrades on any of the v2 builds released to date. About Azure AD Connect v2 Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their … Continue reading "Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations"

ProTip! Use USMT GUI to migrate HAADJ to AADJ profiles

Lately, Microsoft is advocating moving away from the Hybrid Azure AD Join model to the Azure AD Join model, leaving the traditional domain-join model behind. Microsoft feels it’s time to leave ye ol’ Active Directory behind, but a lot of settings, preferences, files and folders are still part of this legacy. They are part of … Continue reading "ProTip! Use USMT GUI to migrate HAADJ to AADJ profiles"

What's New in Azure Active Directory for August 2021

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for August 2021: What's New Azure AD single Sign on and device-based … Continue reading "What's New in Azure Active Directory for August 2021"

Active Directory- and Azure AD-related sessions at The Experts Conference (TEC) 2021

The Experts Conference (TEC), sponsored by Quest is a yearly conference to get advanced practical Active Directory and Office 365 education. Sponsored by the leaders who have helped move, manage and secure over 336 million Active Directory users, TEC 2021 gives you the opportunity to expand your knowledge by connecting with Microsoft MVPs, industry and … Continue reading "Active Directory- and Azure AD-related sessions at The Experts Conference (TEC) 2021"

How to check if Azure AD has processed the hybrid authentication method change

Many organizations with Azure AD tenant are currently transitioning from federation to Pass-through Authentication (PTA) and/or authentication based on Password Hash Synchronization (PHS). The Staged Roll-out feature is a straight-forward way to perform this transition. Microsoft has described how to migrate from federation to cloud authentication in Azure Active Directory using this feature. Note: In … Continue reading "How to check if Azure AD has processed the hybrid authentication method change"

Version 1.1.582.0 of the Azure AD Connect Provisioning Agent prevents MitM attacks towards Domain Controllers (CVE-2021-36949)

This weekend, Microsoft released a new version of the Azure AD Connect Provisioning Agent. Version 1.1.582.0 addresses an authentication bypass vulnerability that is present in all previous versions of the agent. About the vulnerability An attacker can successfully perform a Meddle-in-the-Middle (MitM) attack between Windows Server installations running Azure AD Connect Provisioning Agents and Active … Continue reading "Version 1.1.582.0 of the Azure AD Connect Provisioning Agent prevents MitM attacks towards Domain Controllers (CVE-2021-36949)"