HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes all Web Application Proxies, AD FS servers and Azure AD Connect installations run Windows …

HOWTO: Enforce Azure AD Connect to use TLS 1.2 only

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes Azure AD Connect runs on a Windows Server 2016 with Desktop Experience ("Full installation") …

HOWTO: Disable Unnecessary Services and Scheduled Tasks on Windows Servers running Azure AD Connect

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Why harden Azure AD Connect: Hardening provides additional layers to defense-in-depth approaches. It changes the …

What’s New in Azure Active Directory for June 2019

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for June 2019: What’s New: New riskDetections API for Microsoft Graph …

HOWTO: Disable Unnecessary Services and Scheduled Tasks on AD FS Servers

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary services running …

HOWTO: Disable Unnecessary Services on Web Application Proxies

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Let’s harden the Web Application Proxy installations, by disabling unnecessary services running on it. This way, we lower …

Knowledgebase: Azure AD Connect’s Seamless SSO breaks when you disable RC4_HMAC_MD5

It’s a recommended practice to disable weak ciphers and encryption algorithms. Some standards require this. As technology evolves, the list of available ciphers and their priority in encryption negotiations changes. This limits the risk of losing confidentiality on communications between systems, applications and (cloud) services. While you’ve probably heard of disabling 3DES and all versions …

What’s New in Azure Active Directory for May 2019

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for May 2019: What’s Planned: Future support for only TLS 1.2 protocols …

HOWTO: Disable account enumeration in Azure Active Directory

To celebrate the availability of the Active Directory Administration Cookbook, I decided to write a blogpost in the typical structure of a recipe in this book: Disabling account enumeration: Use this recipe to disable account enumeration for an Azure Active Directory tenant. After completing this recipe, people with user accounts in the tenant will …

Creating the ‘Microsoft Office 365 Identity Platform’ Relying Party Trust manually

There are several methods to create the Relying Party Trust (RPT) between Active Directory Federation Services (AD FS) and Azure Active Directory automatically: Using Azure AD Connect with the "Use an existing AD FS farm" option or the "Configure a new AD FS farm" option, when configuring Federation with AD FS as the authentication method. …