HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect … Continue reading "HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases"

HOWTO: Deploy Azure AD Connect with SQL Server

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing Azure AD Connect with a … Continue reading "HOWTO: Deploy Azure AD Connect with SQL Server"

TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes

In many Active Directory Domain Services environments, LDAP is a common protocol to provide access to objects and their attributes in the directory. The Lightweight Directory Access Protocol (LDAP) is an open protocol for use with various directory services, including Active Directory. Over the years, Microsoft has been made aware about vulnerabilities in the way … Continue reading "TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes"

HOWTO: Enable Windows Hello for Business FIDO2 Key sign-in without Microsoft Intune

The official Microsoft documentation teaches us that Microsoft Intune is an optional requirement to configure Windows Hello for Business to show the option to display the FIDO security key sign-in method as part of the Sign-in options on the Windows Logon Screen for Azure AD accounts. However, a method to achieve the same goal without … Continue reading "HOWTO: Enable Windows Hello for Business FIDO2 Key sign-in without Microsoft Intune"

HOWTO: Deploy AD FS with SQL Server to gain Artifact Resolution and Replay Detection

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing AD FS with a back-end … Continue reading "HOWTO: Deploy AD FS with SQL Server to gain Artifact Resolution and Replay Detection"

TODO: Install the January 2020 Cumulative Update in your networking infrastructure

This Tuesday, Microsoft released an update that fixes a critical vulnerability in Windows and Windows Server. I urge you to install this update as soon as possible.   About the vulnerability The vulnerability, labeled CVE-2020-0601 was responsibly disclosed by the NSA to Microsoft. It is dubbed ‘NSACrypt’. A spoofing vulnerability exists in the way Windows … Continue reading "TODO: Install the January 2020 Cumulative Update in your networking infrastructure"

HOWTO: Design a networking infrastructure for Hybrid Identity components

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive … Continue reading "HOWTO: Design a networking infrastructure for Hybrid Identity components"

HOWTO: Design a networking infrastructure for Hybrid Identity components

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive … Continue reading "HOWTO: Design a networking infrastructure for Hybrid Identity components"

HOWTO: Change the Security Response Headers on AD FS

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the security headers for AD FS implementations. Note: This … Continue reading "HOWTO: Change the Security Response Headers on AD FS"

HOWTO: Enable Extended Protection for Authentication on the AD FS Farm

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the extended protection for authentication feature with AD FS. … Continue reading "HOWTO: Enable Extended Protection for Authentication on the AD FS Farm"