Category Archives: Active Directory Federation Services

On-premises Identity-related updates and fixes for October 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for October 2023:   Windows Server 2016 We observed the following update […]

0  

On-premises Identity-related updates and fixes for August 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for August 2023:   Windows Server 2016 We observed the following update […]

0  

On-premises Identity-related updates and fixes for May 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for May 2023:   Windows Server 2016 We observed the following update […]

0  

On-premises Identity-related updates and fixes for March 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for March 2023:   Windows Server 2016 We observed the following update […]

0  

On-premises Identity-related updates and fixes for February 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for February 2023:   Windows Server 2016 We observed the following update […]

0  

Manage the use of your AD FS MFA Adapter towards Azure AD with the new federatedIdpMfaBehavior setting

Last month, Microsoft introduced a new setting in Azure AD to protect against by-passing of Azure MFA for organizations who have federated between Azure AD and their on-premises environment. In most cases, organizations who have federated one or more DNS domains with Microsoft 365 (and thus Azure AD) use AD FS to host the ‘Microsoft […]

0  

An AD FS Vulnerability may lead to Elevation of Privilege on recent Windows Server versions

This week, on its Patch Tuesday for July 2022, Microsoft released a patch that addresses a vulnerability (CVE-2022-30215) in Active Directory Federation Services (AD FS).   About the vulnerability An Elevation of Privilege (EoP) vulnerability exists in Active Directory Federation Services (AD FS). The vulnerability can be exploited over the network and an attacker who successfully exploited […]

0  

Wormable Critical HTTP Protocol Stack Remote Code Execution Vulnerability affects Windows Server 2019- and 2022-based AD FS Servers (CVE-2022-21907)

During its Patch Tuesday on January 11th, 2022, Microsoft addressed a Remote Code Execution (RCE) security vulnerabilities that affects Windows Server 2019- and Windows Server 2022-based Active Directory Federation Services (AD FS) servers. About the vulnerability CVE-2022-21907 details a remote code execution vulnerability that can be used to attack AD FS servers over the internet. […]

0  

Three vulnerabilities in AD FS were addressed at this month's Patch Tuesday

When looking at the October 2021 Patch Tuesday today, I noticed three updates that specifically address vulnerabilities in Active Directory Federation Services (AD FS). About the vulnerabilities Three vulnerabilities were addressed today: CVE-20221-40456 AD FS Security Feature Bypass Vulnerability CVE-2021-40456 is a vulnerability that could allow an attacker to bypass BannedIPList entries for WS-Trust workflows […]

0  

How to check if Azure AD has processed the hybrid authentication method change

Many organizations with Azure AD tenant are currently transitioning from federation to Pass-through Authentication (PTA) and/or authentication based on Password Hash Synchronization (PHS). The Staged Roll-out feature is a straight-forward way to perform this transition. Microsoft has described how to migrate from federation to cloud authentication in Azure Active Directory using this feature. Note: In […]

0