
Category Archives: Security

Security

HOWTO: Properly delegate Directory permissions to Azure AD Connect service accounts

Written on November 12, 2019 at 12:19 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly delegating directory access to Azure AD Connect service […]

HOWTO: Use Azure AD App Filtering to limit attributes for the objects in scope for Azure AD Connect

Written on November 5, 2019 at 9:07 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Why look at Attribute Filtering: When installing Azure AD Connect with Express Settings, all objects in the […]

HOWTO: Use Domain and OU Filtering to limit the objects in scope for Azure AD Connect

Written on October 29, 2019 at 3:30 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Why look at Domain and OU Filtering: When installing Azure AD Connect with Express Settings, all objects […]

HOWTO: Properly set and manage Azure AD Connect’s Export Deletion Threshold

Written on October 22, 2019 at 7:20 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we start looking at Azure AD Connect in-depth. Why look at […]

HOWTO: Add the required Hybrid Identity URLs to the Trusted Sites list of Internet Explorer and Edge

Written on October 17, 2019 at 12:01 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to […]

HOWTO: Add the required Hybrid Identity URLs to the Local Intranet list of Internet Explorer and Edge

Written on October 15, 2019 at 11:51 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to […]

HOWTO: Change the AD FS token-signing hash algorithm for AD FS relying party trusts to SHA256

Written on October 8, 2019 at 3:15 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly securing relying party trusts on AD FS servers […]

HOWTO: Enable Extranet Smart Account Lockout on the AD FS Farm

Written on October 1, 2019 at 8:57 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we look at a new feature of Active Directory Federation Services (AD […]

HOWTO: Handle Windows Update on non-domain-joined Web Application Proxies

Written on September 17, 2019 at 9:27 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]

HOWTO: Handle Windows Activation on non-domain-joined Web Application Proxies

Written on September 10, 2019 at 8:53 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]