Category Archives: Azure Active Directory

HOWTO: Properly delegate Directory permissions to Azure AD Connect service accounts

This entry is part 18 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly delegating directory access to Azure AD Connect service […]

0  

What’s new in Azure Active Directory at Microsoft Ignite 2019

Microsoft’s Identity Division made announcements and released functionality for Azure Active Directory during Microsoft Ignite 2019 (November 4th – November 8th, 2019) in Orlando, Florida:   Security Azure AD Security Defaults Public Preview Security Defaults is a set of basic identity security mechanisms, recommended by Microsoft. When enabled, these recommendation will be automatically enforced. Admins […]

0  

What’s New in Azure Active Directory for October 2019

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for October 2019:   What’s Planned Deprecation of the identityRiskEvent API for […]

0  

HOWTO: Use Azure AD App Filtering to limit attributes for the objects in scope for Azure AD Connect

This entry is part 17 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices.   Why look at Attribute Filtering When installing Azure AD Connect with Express Settings, all objects in the […]

0  

Join Azure AD in the Microsoft Q&A Preview

Since November 2006, I’ve answered circa 835 questions on the TechNet and MSDN Forums on various topics, including Server Core, Active Directory, Azure Active Directory and Multi-factor Authentication. Now, a big change is coming and I would like for you to be part of it: Microsoft Q&A      What’s Microsoft Q&A? Microsoft Q&A Preview is […]

0  

HOWTO: Use Domain and OU Filtering to limit the objects in scope for Azure AD Connect

This entry is part 16 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices.   Why look at Domain and OU Filtering When installing Azure AD Connect with Express Settings, all objects […]

0  

HOWTO: Properly set and manage Azure AD Connect’s Export Deletion Threshold

This entry is part 15 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we start looking at Azure AD Connect in-depth.   Why look at […]

0  

HOWTO: Add the required Hybrid Identity URLs to the Trusted Sites list of Internet Explorer and Edge

This entry is part 14 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to […]

0  

HOWTO: Add the required Hybrid Identity URLs to the Local Intranet list of Internet Explorer and Edge

This entry is part 13 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to […]

2  

HOWTO: Change the AD FS token-signing hash algorithm for AD FS relying party trusts to SHA256

This entry is part 12 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly securing relying party trusts on AD FS servers […]

0