HOWTO: Design a networking infrastructure for Hybrid Identity components

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive …

HOWTO: Change the Security Response Headers on AD FS

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the security headers for AD FS implementations. Note: This …

HOWTO: Enable Extended Protection for Authentication on the AD FS Farm

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the extended protection for authentication feature with AD FS. …

HOWTO: Properly delegate Directory permissions to Azure AD Connect service accounts

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly delegating directory access to Azure AD Connect service …

HOWTO: Use Azure AD App Filtering to limit attributes for the objects in scope for Azure AD Connect

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Why look at Attribute Filtering: When installing Azure AD Connect with Express Settings, all objects in the …

HOWTO: Use Domain and OU Filtering to limit the objects in scope for Azure AD Connect

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Why look at Domain and OU Filtering: When installing Azure AD Connect with Express Settings, all objects …

HOWTO: Properly set and manage Azure AD Connect’s Export Deletion Threshold

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we start looking at Azure AD Connect in-depth. Why look at …

HOWTO: Add the required Hybrid Identity URLs to the Trusted Sites list of Internet Explorer and Edge

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to …

HOWTO: Add the required Hybrid Identity URLs to the Local Intranet list of Internet Explorer and Edge

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to …

HOWTO: Change the AD FS token-signing hash algorithm for AD FS relying party trusts to SHA256

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly securing relying party trusts on AD FS servers …