Category Archives: Active Directory Federation Services

HOWTO: Install VASCO’s DIGIPASS Authentication for AD FS

Today, I had the pleasure of installing and configuring OneSpan’s (formerly Vasco’s) DIGIPASS Authentication for Microsoft Active Directory Federation Services (AD FS). Microsoft Docs offers links to documentation for 3rd-party providers with MFA offerings currently available for AD FS, but just like CensorNet’s SMS PASSCODE AD FS Agent, OneSpan’s installation and configuration manual is not […]

1  

HOWTO: Enable Auditing and Logging for AD FS Servers and the AD FS Farm

This entry is part 7 of 10 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at auditing and logging settings on AD FS Servers. Note: […]

0  

HOWTO: Disable unnecessary AD FS endpoints

This entry is part 6 of 10 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary endpoints they […]

0  

Creating the ‘Microsoft Office 365 Identity Platform’ Relying Party Trust manually

There are several methods to create the Relying Party Trust (RPT) between Active Directory Federation Services (AD FS) and Azure Active Directory automatically: Using Azure AD Connect with the Use an existing AD FS farm option or the Configure a new AD FS farm option, when configuring Federation with AD FS as the authentication method. […]

0  

Windows Server 2016’s February 2019 Quality Update fixes two Hybrid Identity issues

Windows Server 2016’s February 2019 Cumulative Quality Update, bringing the OS version to 14393.2828 , offers a fix for two authentication issues.        About Windows Server 2016 Updates Microsoft issues two major updates each month for Windows Server 2016, as outlined in the Patching with Windows Server 2016 blogpost. On the second Tuesday of each […]

0  

HOWTO: Install CensorNet’s SMS PASSCODE AD FS Agent

Today, I had the pleasure of installing and configuring the AD FS Agent that is part of CensorNet’s SMS PASSCODE product., version 2018 (version 10). Here’s how to perform this task yourself.    About the Extensible Authentication Framework Active Directory Federation Services (AD FS) offers the Extensible Authentication Framework (EAF). Leveraging this functionality, multi-factor authentication […]

0  

Windows Server 2016’s October 2018 Quality Update brings several Active Directory fixes

Windows Server 2016’s October 2018’s Cumulative Quality Update, bringing the OS version to 14393.2580, offers a total of three fixes for issues you might be experiencing on your Windows Server 2016-based Domain Controllers and Active Directory Federation Services (AD FS) Servers.      About Windows Server 2016 Updates Microsoft issues two major updates each month for […]

0  

Passing Microsoft Exam 70-742: Identity with Windows Server 2016

There is a good and free way to prepare for Microsoft exam 70-742: Identity with Windows Server 2016. In the past years, I conducted webinars that can serve as a primer on Active Directory in terms of forests, domains, trusts, security and on Group Policy. They are not and were never intended as the sole […]

0  

Windows Server 2016’s August 2018 Quality Update brings several Active Directory fixes

Windows Server 2016’s August 2018’s Cumulative Quality Update, bringing the OS version to 14393.2457, offers a total of four fixes for issues you might be experiencing on your Windows Server 2016-based Domain Controllers and Active Directory Federation Services (AD FS) Servers.   About Windows Server 2016 Updates Microsoft issues two major updates each month for […]

0  

A Vulnerability in AD FS allows for bypassing the MFA Security Feature (CVE-2018-8340, Important)

Last Tuesday, during Microsoft’s August 2018 Patch Tuesday, Microsoft released an important security update for all supported Operating Systems to address a security feature bypass vulnerability that exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests.   About the vulnerability Malicious actors often compromise passwords to initiate and expand security breaches. […]

0