HOWTO: Set an alert to notify when an Azure AD emergency access account is used

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. For administrative access at all times and under all circumstances, Microsoft recommends creating at least one emergency access account in Azure Active Directory when an organization has Azure AD Premium P1 and/or … Continue reading "HOWTO: Set an alert to notify when an Azure AD emergency access account is used"

Security Officer: Please block the iOS native mail app (for) now!

Last week an announcement was made: The native mail app in Apple's iOS has zero-day vulnerabilities, deemed critical. No patch is available at this time. More information about the vulnerability can be found here. For you as IT admin this means that you probably have work to do. The main questions you may be facing … Continue reading "Security Officer: Please block the iOS native mail app (for) now!"

HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect … Continue reading "HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases"

HOWTO: Deploy Azure AD Connect with SQL Server

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing Azure AD Connect with a … Continue reading "HOWTO: Deploy Azure AD Connect with SQL Server"

TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes

In many Active Directory Domain Services environments, LDAP is a common protocol to provide access to objects and their attributes in the directory. The Lightweight Directory Access Protocol (LDAP) is an open protocol for use with various directory services, including Active Directory. Over the years, Microsoft has been made aware about vulnerabilities in the way … Continue reading "TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes"
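One way to get a first reading on exposure before the change lands is to ask each domain controller which clients are still binding without LDAP signing. The snippet below is an added example for this index page, not code from the original post or the series it belongs to. It assumes it is run in an elevated session on a domain controller, that the "16 LDAP Interface Events" diagnostics value has been raised to 2 so that per-client event 2889 is written (the daily 2887 summary is logged by default), and that the 2889 event's properties follow the order of its message template (client address, identity, binding type).

```powershell
# Added example (not from the original post): list LDAP clients that bound to this
# domain controller without signing during the last 24 hours.
# Event 2887 is the daily summary of unsigned/simple binds (logged by default).
# Event 2889 names each client, but is only written when the NTDS diagnostics value
# "16 LDAP Interface Events" is set to 2. Run elevated on a domain controller.

$DiagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$ValueName = '16 LDAP Interface Events'
$Current   = (Get-ItemProperty -Path $DiagKey -Name $ValueName).$ValueName

if ($Current -lt 2) {
    Write-Warning "Diagnostics level for '$ValueName' is $Current; per-client 2889 events are not logged."
    Write-Warning "Raise it with: Set-ItemProperty -Path '$DiagKey' -Name '$ValueName' -Value 2"
}

$Events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 2887, 2889
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue

# Daily summaries: how many unsigned SASL binds and clear-text simple binds were seen.
$Events | Where-Object Id -eq 2887 | ForEach-Object {
    '{0}  {1}' -f $_.TimeCreated, ($_.Message -replace '\r?\n', ' ')
}

# Per-client detail. Assumption: property order matches the 2889 message template,
# i.e. %1 client IP:port, %2 identity the client bound as, %3 binding type
# (0 = SASL bind without signing, 1 = simple bind over clear text).
$Events | Where-Object Id -eq 2889 | ForEach-Object {
    [pscustomobject]@{
        Time     = $_.TimeCreated
        Client   = $_.Properties[0].Value
        Identity = $_.Properties[1].Value
        BindType = if ($_.Properties[2].Value -eq 1) { 'Simple (clear text)' } else { 'SASL unsigned' }
    }
} | Sort-Object Client, Identity -Unique | Format-Table -AutoSize
```

Run it on every domain controller (clients do not all bind to the same one), and leave the diagnostics value at 2 for at least a full business cycle before concluding that no client is affected; the 2889 list is the set of applications and service accounts that need fixing or a TLS-protected bind before signing is enforced.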

HOWTO: Enable Windows Hello for Business FIDO2 Key sign-in without Microsoft Intune

The official Microsoft documentation teaches us that Microsoft Intune is an optional requirement to configure Windows Hello for Business to show the option to display the FIDO security key sign-in method as part of the Sign-in options on the Windows Logon Screen for Azure AD accounts. However, a method to achieve the same goal without … Continue reading "HOWTO: Enable Windows Hello for Business FIDO2 Key sign-in without Microsoft Intune"

HOWTO: Deploy AD FS with SQL Server to gain Artifact Resolution and Replay Detection

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing AD FS with a back-end … Continue reading "HOWTO: Deploy AD FS with SQL Server to gain Artifact Resolution and Replay Detection"

TODO: Install the January 2020 Cumulative Update in your networking infrastructure

This Tuesday, Microsoft released an update that fixes a critical vulnerability in Windows and Windows Server. I urge you to install this update as soon as possible. About the vulnerability: the vulnerability, labeled CVE-2020-0601, was responsibly disclosed by the NSA to Microsoft. It is dubbed ‘NSACrypt’. A spoofing vulnerability exists in the way Windows … Continue reading "TODO: Install the January 2020 Cumulative Update in your networking infrastructure"

HOWTO: Design a networking infrastructure for Hybrid Identity components

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive … Continue reading "HOWTO: Design a networking infrastructure for Hybrid Identity components"