Quick tips to limit sending mail to the wrong recipient

It has happened to all of us: sending a mail to the wrong recipient, or disclosing the other recipients to each other. Let me show some quick tips that might help limit your users sending information to the wrong recipient. Embarrassing: The Dutch Data Protection Agency (Dutch: Autoriteit Persoonsgegevens) is responsible for the supervision of correct handling …

HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In the previous post of this series, we discussed encrypting traffic between AD FS Servers, servers running Azure …

HOWTO: Set an alert to notify when an additional person is assigned the Azure AD Global Administrator role

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. User objects with the Global administrator role are the highest privileged objects in Azure AD and should be monitored. The challenge with Global Admins: Some organizations have opted for a Technical State …

How To: Exchange Authentication Policies

There are several ways to protect and limit access to Exchange Online: Conditional Access, Client Access Rules, the older ActiveSync Device rules and, the topic of this post, Authentication Policies. These policies are available in Exchange Online and Exchange Server 2019 since CU2. This article will show you how to implement this. Why …

HOWTO: Disable Office for the Web for your Microsoft 365 users

Office for the Web (previously known as Office Web Apps) is one of the nicest features in Microsoft 365. It allows people to view and interact with documents in their web browser, without the need to install or use any of the native Microsoft 365 apps. Alas, there are some privacy concerns, and some organizations …

HOWTO: Set an alert to notify when an Azure AD emergency access account is used

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. For administrative access at all times and under all circumstances, Microsoft recommends creating at least one emergency access account in Azure Active Directory when an organization has Azure AD Premium P1 and/or …

Security Officer: Please block the iOS native mail app (for) now!

Last week an announcement was made: The native mail app in Apple's iOS has zero-day vulnerabilities, deemed critical. No patch is available at this time. More information about the vulnerability can be found here. For you as IT admin this means that you probably have work to do. The main questions you may be facing …

HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect …

HOWTO: Deploy Azure AD Connect with SQL Server

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing Azure AD Connect with a …

TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes

In many Active Directory Domain Services environments, LDAP is a common protocol to provide access to objects and their attributes in the directory. The Lightweight Directory Access Protocol (LDAP) is an open protocol for use with various directory services, including Active Directory. Over the years, Microsoft has been made aware of vulnerabilities in the way …