HOWTO: Disable unnecessary AD FS endpoints

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary endpoints they …

HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes all Web Application Proxies, AD FS servers and Azure AD Connect installations run Windows …

HOWTO: Enforce Azure AD Connect to use TLS 1.2 only

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes Azure AD Connect runs on a Windows Server 2016 with Desktop Experience ("Full installation") …

HOWTO: Disable Unnecessary Services and Scheduled Tasks on Windows Servers running Azure AD Connect

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Why harden Azure AD Connect: Hardening provides additional layers to defense in depth approaches. It changes the …

Valimail Monitor for Office 365: Your Free DMARC Reporting Tool

On their security blog on the 3rd of June 2019, Microsoft announced that Valimail Monitor for Office 365 is available. This option enables organizations using Exchange Online from Office 365 for their company mail to leverage DMARC. The Road to securing E-Mail: Cyberattacks are common these days. These attacks can be actively targeting your organization …

HOWTO: Disable Unnecessary Services and Scheduled Tasks on AD FS Servers

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary services running …

HOWTO: Disable Unnecessary Services on Web Application Proxies

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Let’s harden the Web Application Proxy installations, by disabling unnecessary services running on it. This way, we lower …

HOWTO: Disable account enumeration in Azure Active Directory

To celebrate the availability of the Active Directory Administration Cookbook, I decided to write a blogpost in the typical structure of a recipe in this book: Disabling account enumeration: Use this recipe to disable account enumeration for an Azure Active Directory tenant. After completing this recipe, people with user accounts in the tenant will …

HOWTO: Install CensorNet’s SMS PASSCODE AD FS Agent

Today, I had the pleasure of installing and configuring the AD FS Agent that is part of CensorNet’s SMS PASSCODE product, version 2018 (version 10). Here’s how to perform this task yourself. About the Extensible Authentication Framework: Active Directory Federation Services (AD FS) offers the Extensible Authentication Framework (EAF). Leveraging this functionality, multi-factor authentication …

I will be speaking at IT/Dev Connections 2018!

Next week I will be speaking at the IT/Dev Connections conference in Dallas (TX) during 16-18th October 2018, which is particularly exciting for me as it is the first time I will present in the USA! The session title is “Securing, Protecting, and Managing the Flow of Corporate Communications”. The session abstract tells you a …