Pictures of the Dutch Workplace Ninja's meetup at Pink Elephant


Pink Elephant in Naarden, the Netherlands

Last week, Raymond Comvalius and I presented at the first 2024 meetup of the Workplace Ninjas Netherlands (WPNinjasNL).

While driving to the venue, I encountered Raymond in his variation of our favorite car:

Raymond driving to the venue in his Tesla Model 3

We arrived exactly on time to grab the last two parking spots at Pink Elephant's headquarters in Naarden, the Netherlands. We grabbed something to drink and enjoyed Bob Cornelissen's session on multi-cloud and hybrid monitoring with Azure Monitor, starting at 4 PM. At 5:05 PM, Remco Visser presented another 60-minute session on Microsoft Copilot for organizations and legal departments.

At 6:05 PM, dinner and drinks were served.

At 7 PM, Raymond and I kicked off our 'Ali Baba and the Entra ID tokens: Script authentication with the Microsoft Graph' session for the first time before a live audience. We had spent time designing the slides and demos, but had already run into some common errors (PowerShell 5.x vs. PowerShell 7.x) when preparing the demos.

During the session, we hit some other snags and ran way over our allotted 60 minutes. Attendees didn't have to leave early, so we ran until 7:25 PM, showing all the goodness that we had to offer.

 

Thank you!

Thank you to Peter, Kenneth and Sander from the Dutch Workplace Ninjas Community for organizing a successful event and inviting Raymond and me as speakers, to all my community friends and, of course, to all the people attending, sitting in on the session and, of course, the people with whom I had interesting discussions afterward.


I'm presenting at the Veeam User Group Netherlands meetup


Veeam Community

As a recently awarded Veeam Vanguard and Veeam User Group Leader, I'm proud to announce that I will be presenting at Veeam User Group Netherlands' virtual meeting on March 19th, 2024.

 

About the Veeam User Group Netherlands

Maurice Kevenaar, Jos Maliepaard and I run the Veeam User Group (VUG) Netherlands.

Our goal as the Dutch Veeam User Group is to offer a platform for partners and customers of Veeam in the Netherlands and Flanders (Belgium). We are independent of Veeam, but officially recognized and promoted by Veeam. We share information on software releases, security updates and tools. We sometimes share blog posts on new Veeam releases and organize local events in Dutch, featuring experts, users, vendors and Veeam employees.

 

About our March 19th virtual meeting

On Tuesday March 19th, 2024, between 4 PM and 5 PM CET, Jos leads our first 2024 meeting, sponsored by ObjectFirst.

This event is presented in Dutch.

 

About my presentation

As part of the March 19th, 2024 meeting, I'll present on:

Four five-minute tips when backing up and restoring virtual Domain Controllers

In most organizations when Active Directory is unavailable, it’s game over. Have you ever wondered if you’re making backups of virtual Domain Controllers the right way or have you ever woken up in the middle of the night from a nightmare in which you couldn’t restore one? I'll share four tips on making sure you’re doing the right things. In this session, I’ll show you how to make sure host-based backups are performed correctly, make sure you can sign in to a Domain Controller after you restore it, make sure the Domain Controller is properly restored and even see how often a particular Domain Controller has been restored to a previous state. Domain Controllers provide this information and after this session you’ll know exactly how to find it.

I'll deliver this presentation in Dutch.

Join us!

Simply use this GoTo link to join us on Tuesday March 19th, 2024, at 4 PM CET.
If you want to have a reminder, add the event to your calendar.

Among the attendees, we'll raffle Lego set 75341, graciously provided by ObjectFirst.

Jos, Maurice and I hope to see you there! 😊


On-premises Identity-related updates and fixes for February 2024


Windows Server

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.

This is the list of Identity-related updates and fixes we saw for February 2024:

 

Windows Server 2016

We observed the following update for Windows Server 2016:

KB5034767 February 13, 2024

The February 13, 2024, update for Windows Server 2016 (KB5034767), updating the OS build number to 14393.6709, is a monthly cumulative update. It does not include Identity-related improvements.

 

Windows Server 2019

We observed the following update for Windows Server 2019:

KB5034768 February 13, 2024

The February 13, 2024, update for Windows Server 2019 (KB5034768), updating the OS build number to 17763.5458, is a monthly cumulative update and includes the following Identity-related improvements:

  • This update addresses an issue that affects a local account. You cannot sign in to an account that Windows LAPS manages. This occurs if you set the Require Smart Card for Interactive Logon policy.
  • This update changes a setting in the Active Directory Users and Computers MMC snap-in (dsa.msc). By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.
  • This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.

 

Windows Server 2022

We observed the following update for Windows Server 2022:

KB5034770 February 13, 2024

The February 13, 2024, update for Windows Server 2022 (KB5034770), updating the OS build number to 20348.2322, is a monthly cumulative update and includes the following Identity-related improvements:

  • This update addresses an issue that affects a local account. You cannot sign in to an account that Windows LAPS manages. This occurs if you set the Require Smart Card for Interactive Logon policy.
  • This update changes a setting in the Active Directory Users and Computers MMC snap-in (dsa.msc). By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.
  • This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.
  • This update addresses an issue that affects the Certificate Authority MMC snap-in (certsrv.msc). You cannot select the Delta CRL option. This stops you from using the graphical user interface to publish Delta certificate revocation lists (CRLs).

What's New in Entra ID for February 2024


Microsoft Entra ID

Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for February 2024:

 

What's Planned

Microsoft Entra ID Protection: "Low" risk age out Planned

Service category: Identity Protection
Product capability: Identity Security & Protection

Starting March 31st, 2024, all low risk detections and users in Microsoft Entra ID Protection that are older than 6 months will be automatically aged out and dismissed. This allows organizations to focus on more relevant risks and provides a cleaner investigation environment.

 

What's Deprecated

Windows Azure Active Directory Connector for Forefront Identity Manager Deprecated

Service category: Microsoft Identity Manager
Product capability: Inbound to Microsoft Entra ID

The Windows Azure Active Directory Connector for Forefront Identity Manager (FIM WAAD Connector) from 2014 was deprecated in 2021. The standard support for this connector ends in April 2024. Organizations should remove this connector from their Microsoft Identity Manager (MIM) sync deployment, and instead use an alternative provisioning mechanism.

 

What's New

Granular filtering of Conditional Access policy list General Availability

Service category: Conditional Access
Product capability: Access Control

Conditional access policies can now be filtered on actor, target resources, conditions, grant control and session control. The granular filtering experience can help admins quickly discover policies containing specific configurations.

 

Microsoft Entra ID Protection: New premium user risk detection; Suspicious API Traffic General Availability

Service category: Identity Protection
Product capability: Identity Security & Protection

Microsoft has released a new premium user risk detection in Identity Protection called Suspicious API Traffic. This detection is reported when Identity Protection detects anomalous Graph traffic by a user. Suspicious API traffic might suggest that a user account is compromised and abused to conduct reconnaissance in the environment.

 

Identity Protection and Risk Remediation on the Azure Mobile App General Availability

Service category: Identity Protection
Product capability: Identity Security & Protection

Previously supported only in the portal, Identity Protection is a powerful tool that empowers admins to proactively manage identity risks. Now available in the Azure Mobile app, admins can respond to potential threats with ease and efficiency. This feature includes comprehensive reporting, offering insights into risky behaviors such as compromised user accounts and suspicious sign-ins.

  • The Risky users report provides visibility into accounts flagged as compromised or vulnerable. Actions such as blocking/unblocking sign-ins, confirming the legitimacy of compromises, or resetting passwords are conveniently accessible, ensuring timely risk mitigation.
  • The Risky sign-ins report provides a detailed overview of suspicious sign-in activities, aiding admins in identifying potential security breaches. While capabilities on mobile are limited to viewing sign-in details, admins can take necessary actions through the portal, such as blocking sign-ins. Alternatively, admins can choose to manage the corresponding risky user's account until all risks are mitigated.

Stay ahead of identity risks effortlessly with Identity Protection on the Azure Mobile app. These capabilities are intended to provide users with the tools to maintain a secure environment and peace of mind for their organization.

 

Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft has added the following new applications in the Entra App gallery with Provisioning support. Admins can now automate creating, updating, and deleting of user accounts for these newly integrated apps:

 

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In February 2024, Microsoft added the following new applications in the Entra App gallery with Federation support:

  1. Presswise
  2. Stonebranch Universal Automation Center (SaaS Cloud)
  3. ProductPlan
  4. Bigtincan for Outlook
  5. Blinktime
  6. Stargo
  7. Garage Hive BC v2
  8. Avochato
  9. Luscii
  10. LEVR
  11. XM Discover
  12. Sailsdock
  13. Mercado Eletronico SAML
  14. Moveworks
  15. Silbo
  16. Alation Data Catalog
  17. Papirfly SSO
  18. Secure Cloud User Integration
  19. AlbertStudio
  20. Automatic Email Manager
  21. Streamboxy
  22. NewHotel PMS
  23. Ving Room
  24. Trevanna Tracks
  25. Alteryx Server
  26. RICOH Smart Integration
  27. Genius
  28. Othership Workplace Scheduler
  29. GitHub Enterprise Managed User – ghe.com
  30. Thumb Technologies
  31. Freightender SSO for TRP (Tender Response Platform)
  32. BeWhere Portal (UPS Access)
  33. Flexiroute
  34. SEEDL
  35. Isolocity
  36. SpotDraft
  37. Blinq
  38. Cisco Phone OBTJ
  39. Applitools Eyes

 

What's Changed

Expansion of the Conditional Access re-authentication policy for additional scenarios Public Preview

Service category: Conditional Access
Product capability: Identity Security & Protection

Re-authentication policies let admins require people in the organization to interactively provide their credentials again, typically before accessing critical applications and taking sensitive actions. Combined with the Conditional Access session control Sign-in frequency, admins can require re-authentication for users and sign-ins with risk, or for Intune enrollment. With this public preview, admins can now require re-authentication on any resource protected by Conditional Access.


I'm a 2024 Veeam Vanguard


Veeam Vanguard 2024

Today, I received an e-mail from Nikola Pejkova from Veeam congratulating me on being selected for the 2024 Veeam Vanguard Program as part of the Veeam100 family of programs.

For me, it means I successfully renewed my previous eight Veeam Vanguard Awards in this veeamazing program, dating back to 2016.

I feel honored.

Thank you! 🙏

 

 

About Veeam Vanguards

The Vanguard program is led by the Veeam Technical Product Marketing & Evangelism team and supported by the entire company. It’s a program around the community of Veeam experts that truly get Veeam’s message, understand Veeam’s products and are Veeam’s closest peers in IT.

Veeam Vanguards represent Veeam’s brand to the highest level in many of the different technology communities. These individuals are chosen for their acumen, engagement and style in their activities on and offline.

The full list of Veeam Vanguards will be available shortly here.

FURTHER READING

I'm a 2023 Veeam Vanguard
I’m a 2022 Veeam Vanguard
I’m a 2021 Veeam Vanguard
I’m a 2020 Veeam Vanguard
I am a 2019 Veeam Vanguard
I am a 2018 Veeam Vanguard
I am a 2017 Veeam Vanguard
I am a 2016 Veeam Vanguard


Entra Connect Sync v2.3.6.0 improves Automatic Upgrade eligibility detection


Entra Connect Sync v2.1.15.0 was the first v2.x to be announced with Automatic Upgrades functionality, on July 6th 2022. However, Microsoft's support life cycle for Windows Server Operating Systems and .NET Framework versions would sometimes stand in the way of these upgrades. Entra Connect Sync v2.3.6.0 now comes with improvements in this area.

 

What’s New

Entra Connect Sync v2.3.6.0 offers a bug fix.

Improved Automatic Upgrade eligibility detection

Starting with Entra Connect Sync v2.3.6.0, Entra Connect Sync's Automatic Upgrade functionality will no longer retry if it detects the host does not meet the Operating System (OS) or .NET Framework requirements.

While this improvement stops automatic upgrades from being retried on unsupported configurations, it leaves those Entra Connect Sync installations on outdated and possibly vulnerable versions. I bet that not every Identity admin experiences this as an improvement…

 

Version information

Version 2.3.6.0 of Entra Connect Sync (previously known as Azure AD Connect Sync) was made available for download only on February 21st, 2024.

You can download the latest version of Entra Connect Sync here.

Superseded versions

Past versions of Microsoft Entra Connect Sync 2.x are retired 12 months from the date they are superseded by a newer version. With Entra Connect Sync v2.3.6.0, Entra Connect Sync version 2.1.19.0 and versions before are retired (superseded by Entra Connect Sync v2.1.20.0 on November 9th, 2022).

If you run a retired version of Microsoft Entra Connect, it might unexpectedly stop working.


VMware's Enhanced Authentication Plug-in is deprecated and critically vulnerable – Remove it now (VMSA-2024-0003)


Critical Updates

Two critical vulnerabilities in the optional Enhanced Authentication Plug-in require the immediate removal of this software from admin workstations and management servers.

 

About VMware's Enhanced Authentication Plug-in

VMware's Enhanced Authentication Plug-in (EAP) is an optional piece of software that can be downloaded from VMware's download center and can be installed on admin workstations and management servers (client-side). The plug-in allows administrators to seamlessly sign in to vCenter Server using Windows Integrated Authentication and/or Windows-based smart cards.

The Enhanced Authentication Plug-in has been deprecated since the General Availability (GA) of vSphere 7.0. From vSphere 7.0u2 onward, VMware discontinued support for Windows Integrated Authentication, smart card support and RSA SecurID for vCenter Server. VMware advises Identity Federation to sign in to vCenter Server as an alternative to using the plug-in, providing connections to Active Directory Federation Services (ADFS), Okta and Microsoft Entra ID (formerly Azure AD).

The latest version of the plug-in is version 6.7.0.

 

About the vulnerabilities in the Plug-in

VMSA-2024-0003 reports two vulnerabilities in VMware's Enhanced Authentication Plug-in:

 

Arbitrary Authentication Relay Vulnerability

The VMware Enhanced Authentication Plug-in contains an Arbitrary Authentication Relay vulnerability, tracked as CVE-2024-22245. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3.1 base score of 9.6.

An adversary could trick a vSphere admin with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).

 

Session Hijack Vulnerability

The VMware Enhanced Authentication Plug-in contains a Session Hijack vulnerability, tracked as CVE-2024-22250. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3.1 base score of 7.8.

An adversary with unprivileged local access to a Windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system.

 

Call to action

Remove the VMware Enhanced Authentication Plug-in by following the guidance in VMware KB96442.
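Before following KB96442, you need to know where the plug-in is still installed. The inventory script below is an added example, not VMware's tooling or part of the original post; it assumes EAP registers under the standard Windows Uninstall registry keys with a DisplayName containing "Enhanced Authentication Plug" and that PowerShell Remoting is enabled on the remote hosts. It only reports; removal itself follows the KB.

```powershell
# Added example (not from VMware or the post): find admin workstations and management
# servers that still have the deprecated VMware Enhanced Authentication Plug-in (EAP).
# Assumptions: EAP appears in the standard Uninstall registry keys (both 64-bit and
# WOW6432Node) with a DisplayName matching '*Enhanced Authentication Plug*'; remote
# hosts accept Invoke-Command (PowerShell Remoting). The script reports only.

param(
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Runs locally or remotely: returns every installed product whose name looks like EAP
# (covers both the "Plug-in" and "Plugin" spellings VMware uses).
$scriptBlock = {
    param($keys)
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Enhanced Authentication Plug*' } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

foreach ($computer in $ComputerName) {
    try {
        $found = if ($computer -eq $env:COMPUTERNAME) {
            & $scriptBlock $uninstallKeys
        } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $scriptBlock `
                -ArgumentList (,$uninstallKeys) -ErrorAction Stop
        }

        if ($found) {
            foreach ($entry in $found) {
                [pscustomobject]@{
                    ComputerName = $computer
                    Product      = $entry.DisplayName
                    # Latest release is 6.7.0; every version is affected, so any hit needs removal.
                    Version      = $entry.DisplayVersion
                    Publisher    = $entry.Publisher
                    Action       = 'Remove per VMware KB96442'
                }
            }
        } else {
            [pscustomobject]@{
                ComputerName = $computer
                Product      = $null
                Version      = $null
                Publisher    = $null
                Action       = 'Not installed'
            }
        }
    } catch {
        # Unreachable hosts are reported rather than silently skipped, so the inventory is honest.
        Write-Warning "Could not query $computer : $($_.Exception.Message)"
    }
}
```

Feed it the list of admin workstations and management servers (for example from an AD group) and keep the output as evidence that the plug-in is gone.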

 

Further reading

VMSA-2024-0003
VMSA-2024-0003: Questions & Answers
Removing the deprecated VMware Enhanced Authentication Plugin (EAP) to address CVE-2024-22245 and CVE-2024-22250 (96442)


I'm speaking at Netwrix Connect 2024


Netwrix Connect 2024, March 4-6 in Orlando Florida

Back in 2012, I had the pleasure of talking to the people at STEALTHbits. They offered great products that are of great use to Identity admins. Then, they got acquired by Netwrix – another vendor with great solutions, that I've often highlighted during webinars. Now, Netwrix is hosting their first in-person customer and partner event. They've asked me to present. 😊

 

About Netwrix

Netwrix empowers information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides.

Over 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers. Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

 

About Netwrix Connect

Netwrix Connect is Netwrix' first and eagerly anticipated user and partner conference that takes place in March of 2024 in Orlando, Florida. The focus of this two-day event is providing deep technical training for Netwrix data security investments.

Attendees receive deep technical product training for Netwrix products, connect with like-minded peers, Netwrix executives and product experts, can earn CPE credits, can engage in roadmap discussions to influence the future of Netwrix, can receive official product certifications, and enjoy March's stunning Florida weather.

 

About my presentation

I'm presenting a 60-minute session with Tyler Reese, Director of Product Management at Netwrix, on:

Incorporating ITDR into Your Organization's SOC

Tuesday March 5th, 3 PM – 4 PM

Identity professionals have traditionally focused on compliance and governance activities, while leaving Security Operations to the Cyber security team to monitor the endpoint (EDR) and network (NDR), potentially missing Identity Threats. Cloud adoption has made identity a primary target for cyber security attacks, making it one of the key vectors of attack expansion after infiltration.

As a result, Identity professionals need to consider an Identity Threat Detection and Response (ITDR) program and how to integrate it into their organization’s larger Security Operations Center (SOC).

Tyler and I discuss the considerations that should be made when bringing on an ITDR program and how to incorporate it into an organization's larger SOC program. By doing so, you can ensure that your organization is well-protected against identity-based cyber threats.

 

Join us!

Join us at Orlando's Embassy Suites by Hilton for Netwrix Connect 2024. Register here.


We're presenting at 2024's first Workplace Ninjas Netherlands meetup


Workplace Ninjas Netherlands' first 2024 meetup

As the Dutch IT Bro's, Raymond Comvalius and I are in high demand for many events and communities to come present on identity, security, Windows and devices in our typically hilarious way. A couple of weeks ago, Raymond received a message from the Dutch Workplace Ninjas to come present at their first 2024 meetup on February 27th, 2024.

 

About Workplace Ninjas Netherlands

Workplace Ninjas Netherlands (WPNinjasNL) is a user group that was founded in February 2013 by IT Professionals with a passion for everything that has to do with managing Windows, but not limited to Windows. Their goal is to provide a platform for IT Professionals to share knowledge gained from the field and to share tips and tricks. They organize periodic physical meetups and virtual events, share blogs and share on other channels, too.

The Workplace Ninjas Netherlands were previously known as Windows Management User Group Netherlands (WMUGnl) and Raymond and I have presented with them under that name before.

 

About 2024's first WPNinjasNL meetup

2024's first in-person meetup of Workplace Ninjas Netherlands is sponsored by Pink Elephant and takes place at their offices in Naarden in the Netherlands on Tuesday February 27th, 2024.

As usual, the event is packed with three sessions. To accommodate this, Workplace Ninjas Netherlands opens the doors at Pink Elephant at 3:30 PM. Bob Cornelissen presents a 60-minute session on multi-cloud and hybrid monitoring with Azure Monitor, starting at 4 PM. At 5:05 PM, Remco Visser presents another 60-minute session on Microsoft Copilot for organizations and legal departments. At 6:05 PM, dinner and drinks are served.

 

About our session

Raymond and I will present a 60-minute session on:

Ali Baba

Ali Baba and the Entra ID tokens: Script authentication with the Microsoft Graph

7 PM – 8 PM

As the AzureAD and MSOnline PowerShell modules get deprecated, we're adapting to accessing Entra ID using the Microsoft Graph. This session clarifies how to authenticate in new ways, focusing on App Registrations, Mg*-modules, tokens, and App Permissions. We'll debate the need for App Registrations, the advantages and drawbacks of secrets versus certificates or federated authentication, and the practicalities of these methods. Attendees learn about federated authentication's applicability, Mg*-modules' authentication compatibility, and the functionalities of access tokens.

We share our first-hand experiences in developing scripts for this new authentication framework. Join us to gain insights and practical skills for a smooth transition to scripting with the Microsoft Graph for Entra ID.

 

Join us!

After our session, drinks are served from 8 PM to 9 PM, so there really is no reason not to join us. 😉

Workplace Ninjas Netherlands meetups are free to attend, but all presentations are delivered in Dutch. Seats are limited, so sign up fast.


Pictures of the Inaugural Dutch Microsoft Entra Community meetup


Presenting on the basics (picture by Inspark)

On Thursday February 1st, 2024, I presented at the inaugural Dutch Microsoft Entra Community meetup at the Inspark offices in Amstelveen. Jan, Pim and Stefan invited me to speak in the second speaker slot of the first event they organized together in the context of this new community.

I arrived early, chatted with some of the attendees and enjoyed the Italian food that was served.

Food and Drinks (picture by Inspark)

Jan, Pim and Stefan kicked off the sold-out event with an introduction of the Dutch Microsoft Entra Community and an overview of Microsoft Entra. After their talk, Guus van Berge dove into Entra ID Governance and the many things you can do with the many features of this service to support the Identity and Access Management processes towards an organization's heterogeneous landscape of systems and applications.

Introduction by Jan (left), Stefan and Pim (right) (picture by Inspark)

Guus presenting (picture by Inspark)

After a short break, I presented on applying the security basics to Entra tenants to defend against 99.8% of attacks on this platform. With several demos I made clear where the specific toggles live in the Entra portal, and with several anecdotes I provided background on how these toggles impact end-users.

Title slide (photo by Pim Jacobs)

Title Slide 'Entra ID: Just apply the basics, already!' (photo by Vincent Loen-Ajaiso)

Concluding the session (picture by Inspark)

After the presentation, I had some great conversations with attendees while we enjoyed the sponsored drinks. Being one of the last people to leave, I was home at 10:30 PM.

 

Thank you!

Thank you to Jan, Stefan and Pim from the Dutch Microsoft Entra Community for organizing a successful event and inviting me as a speaker, to all my community friends and, of course, to all the people attending, sitting in on the session and, of course, the people with whom I had interesting discussions.
