The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, whose day-to-day job is to architect, manage, and protect identity management in the … Continue reading "The video of my presentation at the 2020 Hybrid Identity Protection Conference is now available"
Veeam Backup for Office 365 v5 supports Backup and Restore of Teams and offers Architectural Enhancements
Today, Veeam released Veeam Backup for Microsoft Office 365 version 5.0.0.1061. This is the Release to Manufacturers (RTM) version of Veeam Backup for Microsoft Office 365 v5. What’s New Next to enhanced backup job scheduling, easier collecting and exporting Veeam Explorer log files, the new VMC log and several RESTful API enhancements, here’s what’s … Continue reading "Veeam Backup for Office 365 v5 supports Backup and Restore of Teams and offers Architectural Enhancements"
On-premises Identity-related updates and fixes for November 2020
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for November 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4586830 November 10, 2020 The … Continue reading "On-premises Identity-related updates and fixes for November 2020"
What's New in Azure Active Directory for November 2020
Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for November 2020: What’s Planned Azure Active Directory TLS 1.0, TLS 1.1 … Continue reading "What's New in Azure Active Directory for November 2020"
The video of our presentation at Veeam Live is now available
Veeam organized its Veeam Live event on October 20th, 2020. Veeam is defining the future of cloud data solutions and helping today’s businesses securely and reliably protect and easily recover their data. At Veeam Live, they offered data protection management guidance, showed how to up your data protection game and allowed to connect with like-minded … Continue reading "The video of our presentation at Veeam Live is now available"
KnowledgeBase: The WID Service consumes 100% CPU after transitioning AD FS Servers
This week, I encountered unexpected behavior with Active Directory Federation Services (AD FS) on a Windows Server installation that an organization had recently transitioned to from an AD FS server running a previous version of Windows Server. I’m sharing my experiences, so others may benefit from our troubleshooting and solution. The situation Your organization … Continue reading "KnowledgeBase: The WID Service consumes 100% CPU after transitioning AD FS Servers"
TODO: Stream additional logs from Azure AD for optimal visibility
Over the past six months, I’ve shown you ways to get to know the devices that people in your organization use App Passwords on, set an alert to notify when an additional person is assigned the Azure AD Global Administrator role and set an alert to notify when an Azure AD emergency access account is … Continue reading "TODO: Stream additional logs from Azure AD for optimal visibility"
HOWTO: Get rid of the Conditional Access Baseline Policies in your Azure AD tenant
In September 2018, Microsoft introduced the concept of Conditional Access baseline policies. Baseline policies were superseded by Security Defaults, and starting February 2020 the Baseline Conditional Access policies were disabled in all Azure AD tenants. However, these lingering baseline policies are all Off and cannot be turned on. They can also not be removed from … Continue reading "HOWTO: Get rid of the Conditional Access Baseline Policies in your Azure AD tenant"
Two vulnerabilities in VMware ESXi may lead to virtual Domain Controller compromise (Critical, VMSA-2020-0026, CVE-2020-4004, CVE-2020-4005)
Today, VMware released an update that addresses a use-after-free vulnerability in the XHCI USB controller (CVE-2020-4004) and a VMX elevation-of-privilege vulnerability CVE-2020-4005). Together these two vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. The two vulnerabilities were responsibly disclosed to VMware by … Continue reading "Two vulnerabilities in VMware ESXi may lead to virtual Domain Controller compromise (Critical, VMSA-2020-0026, CVE-2020-4004, CVE-2020-4005)"
Experiences with Zero Trust
Recently, people responsible for identity, security and governance have embraced the vision of Zero Trust. It is the logical evolution of our thinking towards an actionable, more thorough and holistic approach to access, based on the mantra ‘trust no-one, verify everything’. Today, I'm sharing my early experiences in this field. The idea of Zero … Continue reading "Experiences with Zero Trust"