Category Archives: Active Directory

HOWTO: Deploy AD FS with SQL Server to gain Artifact Resolution and Replay Detection

This entry is part 23 of 23 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing AD FS with a back-end […]

TODO: Install the January 2020 Cumulative Update in your networking infrastructure

This Tuesday, Microsoft released an update that fixes a critical vulnerability in Windows and Windows Server. I urge you to install this update as soon as possible. About the vulnerability: The vulnerability, labeled CVE-2020-0601, was responsibly disclosed by the NSA to Microsoft. It is dubbed ‘NSACrypt’. A spoofing vulnerability exists in the way Windows […]

HOWTO: Design a networking infrastructure for Hybrid Identity components

This entry is part 22 of 23 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive […]

HOWTO: Change the Security Response Headers on AD FS

This entry is part 21 of 23 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the security headers for AD FS implementations. Note: This […]

Azure AD Connect version 1.4.38.0 offers some bug fixes

It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Last Friday, Microsoft released the fourth version in the 1.4 branch of Azure AD Connect: v1.4.38.0. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and […]

HOWTO: Enable Extended Protection for Authentication on the AD FS Farm

This entry is part 19 of 23 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the extended protection for authentication feature with AD FS. […]

Azure AD Connect v1.4.32.0 fixes Azure AD Join challenges

It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Last Friday, Microsoft released the third version in the 1.4 branch of Azure AD Connect: v1.4.32.0. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and […]

HOWTO: Properly delegate Directory permissions to Azure AD Connect service accounts

This entry is part 18 of 23 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly delegating directory access to Azure AD Connect service […]

On-premises Identity updates & fixes for October 2019

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for October 2019. Windows Server 2016: We observed the following updates for Windows Server 2016. KB4524152, October 3, 2019: The October […]