How familiar are you with Entra ID App Registration and Enterprise App Security?

If you are unfamiliar with Microsoft Entra ID (formerly Azure Active Directory) and enterprise app security, you should take steps to change that. Application governance is complex, so its intricacies and importance tend to be overlooked when organizations first create a cloud security strategy. However, failing to properly secure and monitor Entra ID can result … Continue reading "How familiar are you with Entra ID App Registration and Enterprise App Security?"

Join us for a Webinar on the Importance of Active Directory Monitoring

On Tuesday March 21st, 2023, I will be presenting a free 60-minute webinar on Active Directory, together with Jay Gundotra of ENow fame.   About this webinar In case you've forgotten; Active Directory is Microsoft's on-premises Identity management solution. Most large organization use it as their primary Identity and Access Management (IAM) solution and then … Continue reading "Join us for a Webinar on the Importance of Active Directory Monitoring"

HOWTO: Create a Group Policy Central Store

The Group Policy Central Store in Active Directory’s System Volume (SYSVOL) share optimizes Group Policy authoring and replication. The group policy central store is a central location to store all the Group Policy template (*.admx) and Group Policy Language (*.adml) files. The Central Store eliminates the loading and opening of Group Policy template files on systems … Continue reading "HOWTO: Create a Group Policy Central Store"

HOWTO: Check if you can use the mS-DS-ConsistencyGUID attribute as source anchor for Azure AD Connect

In recent versions of Azure AD Connect, you can use the mS-DS-ConsistencyGUID attribute as the source anchor attribute. This provides flexibility in cross-forest migration scenarios. However, if another solution in the networking environment has already claimed the mS-DS-ConsistencyGUID attribute for its purposes, Azure AD Connect won’t allow you to use this attribute and instead default … Continue reading "HOWTO: Check if you can use the mS-DS-ConsistencyGUID attribute as source anchor for Azure AD Connect"

The video of my presentation at the 2020 Hybrid Identity Protection Conference is now available

The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, whose day-to-day job is to architect, manage, and protect identity management in the … Continue reading "The video of my presentation at the 2020 Hybrid Identity Protection Conference is now available"

The video of our presentation at Veeam Live is now available

Veeam organized its Veeam Live event on October 20th, 2020. Veeam is defining the future of cloud data solutions and helping today’s businesses securely and reliably protect and easily recover their data. At Veeam Live, they offered data protection management guidance, showed how to up your data protection game and allowed to connect with like-minded … Continue reading "The video of our presentation at Veeam Live is now available"

HOWTO: Harden Remote Desktop connections to Domain Controllers

Workstations that are allowed to communicate to Domain Controllers pose a risk of lateral movement. To mitigate some of these risks, we can harden the Remote Desktop connections to Domain Controllers. Note: For organizations that have implemented the Active Directory administrative tier model, or are striving to embrace, their Privileged Access Workstations (PAWs) pose a … Continue reading "HOWTO: Harden Remote Desktop connections to Domain Controllers"

Why DCPromo removes the passwords from your answer files after usage

One of the recommended practices for configuring Domain Controllers is to use an answer file to promote the server from a domain-joined server to a Domain Controller.   Benefits of using an answer file The benefit is using an answer file is that the file can be reused for multiple promotions. This way, Domain Controllers … Continue reading "Why DCPromo removes the passwords from your answer files after usage"

TODO: Enable the new My Apps and My Profile Experiences

Microsoft will be updating the current Azure AD Apps and Profile experiences on July 20th 2020. This means that from that data onward your colleagues will be automatically switched over to the updated My Apps and My Account experiences. Note: The updated My Apps and My Account offer the same functionality as the current experiences, … Continue reading "TODO: Enable the new My Apps and My Profile Experiences"

I’m presenting three webinars with Netwrix focusing again on the best recipes from the AD Administration Cookbook

On April 22nd, 28th and 30th, 2020, I’ll present three 1-hour webinars with Netwrix. Tune in to get the best in Active Directory security, Hybrid Identity and Azure AD Hardening demonstrated from me and Netwrix’ Jeff Melnick!   About the webinars I feel webinars are a great way to show people the potential of technology. … Continue reading "I’m presenting three webinars with Netwrix focusing again on the best recipes from the AD Administration Cookbook"