How Hot Patch for Windows Server Azure Edition helps secure Domain Controllers

At Microsoft Ignite 2021 Spring Edition, Microsoft introduces the Public Preview of Hot Patching for Windows Server Azure Edition. About hot patching for Windows Server Azure Edition Microsoft announced new capabilities at Microsoft Ignite 2021 Spring edition for Azure Automanage to simplify operations for Windows Server-based virtual machines (VMs). Azure Automanage helps organizations to reduce … Continue reading "How Hot Patch for Windows Server Azure Edition helps secure Domain Controllers"

Making the Case for 30-day Token-signing and Token-decrypting Certificates in AD FS

I feel we are at a crossroads. Five years ago, I made the case for token-signing and token-decrypting certificates in Active Directory Federation Services (AD FS) with a validity of 5-year. Today, I’m making the case for 30-day Token-signing and Token-decrypting certificates, based on my understanding of the UNC2452 attack campaign (also known as ‘SolariGate’). … Continue reading "Making the Case for 30-day Token-signing and Token-decrypting Certificates in AD FS"

Azure Active Directory Pod Identity Spoofing Vulnerability (CVE-2021-1677)

Today, for its January 2021 Patch Tuesday, Microsoft released an important security update for Azure Active Directory Pod Identities. This vulnerability is known as CVE-2021-1677 and rated with CVSSv3.0 scores of 5.5/4.8 About the vulnerability The Azure AD pod identity feature enables users to assign identities to pods in Kubernetes clusters and fetch them from … Continue reading "Azure Active Directory Pod Identity Spoofing Vulnerability (CVE-2021-1677)"

Is the Authenticator App required for free Azure MFA?

At Microsoft Ignite 2019, Microsoft announced free Azure Multi-factor Authentication for all through the new Security Defaults feature for Azure Active Directory: Enable multi-factor authentication for free. Now, the official documentation shares more information on this feature and it implies that Azure Multi-factor Authentication (Azure MFA) is only free when it is enabled through the … Continue reading "Is the Authenticator App required for free Azure MFA?"

Identity-related sessions at Microsoft Ignite 2017 in Orlando

Microsoft Ignite 2017 North America in Orlando is only a few weeks away and many of us have begun filling their session builder with interesting sessions, corresponding to their interests and knowledge. I decided to compile a list of the Active Directory, Azure Active Directory, Graph, Group Policy  and Enterprise Mobility + Security (EM+S) related … Continue reading "Identity-related sessions at Microsoft Ignite 2017 in Orlando"

Azure AD Cloud App Discovery as a Service, not as a Project

Azure Active Directory is quickly becoming the Identity Management-as-a-Service solution of choice for many organizations. One of the nicest features, but unfortunately less common features of Azure AD is its Cloud App Discovery tool and the way it integrates with Azure AD Identity Protection.   About Azure AD Cloud App Discovery Azure AD Cloud App … Continue reading "Azure AD Cloud App Discovery as a Service, not as a Project"

Security Thoughts: Security Update for DNS Server to Address Remote Code Execution (MS15-127, KB3100465, CVE-2015-6125, Critical)

Today, during this December Patch Tuesday, Microsoft released a security update for Windows Server DNS among other security-related updates. While I’d normally only draw your attention to Active Directory security updates, I’ve chosen to blog on this update, because the vast majority of Active Directory Domain Controllers I come across function as DNS Servers serving … Continue reading "Security Thoughts: Security Update for DNS Server to Address Remote Code Execution (MS15-127, KB3100465, CVE-2015-6125, Critical)"

Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)

During BlackHat Europe 2015 in Amsterdam, last week, Ian Haken, a security researcher at Synopsis, presented a session titled Bypassing Local Windows Authentication to Defeat Full Disk Encryption. The accompanying Research paper (PDF) detailed an ‘evil maid’ attack vector specifically targeting BitLocker Drive Encryption. The most interesting part of the session was the way Ian … Continue reading "Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)"

Choosing the right Azure MFA authentication methods

A couple of weeks ago, I took interest in Azure Multi-factor Authentication (MFA) and wrote a series on 4Sysops, detailing the Azure MFA Service and the on-premises Multi-Factor Authentication Server: Azure Multi-Factor Authentication – Part 1: Introduction Azure Multi-Factor Authentication – Part 2: Components Azure Multi-Factor Authentication – Part 3: Configuring Azure Multi-Factor Authentication – … Continue reading "Choosing the right Azure MFA authentication methods"

Security Thoughts: Microsoft Local Administrator Password Solution (LAPS, KB3062591)

As you might recall, Microsoft offered a solution to systems administrators to set the local administrator password on domain-joined devices using Group Policy Preferences, but ended the solution, almost a year ago, when the encoding mechanism was decoded and an attack was created towards this vulnerability (CVE-2014-1812).   Introducing LAPS Yesterday, Microsoft introduced version 6 … Continue reading "Security Thoughts: Microsoft Local Administrator Password Solution (LAPS, KB3062591)"