Category Archives: Best Practices

Join me for a webinar on SaaS app security posture management

On Wednesday, Jule 10th, 2024, join me to understand the 'red flags,' the most significant risks, and challenges companies face and unlock the secrets of Software-as-a-Service (SaaS) Security Posture Management. We dive deep into the threats and startling discoveries uncovered in the data over the past 265 days using the ENow App Governance Accelerator tool. […]


How familiar are you with Entra ID App Registration and Enterprise App Security?

If you are unfamiliar with Microsoft Entra ID (formerly Azure Active Directory) and enterprise app security, you should take steps to change that. Application governance is complex, so its intricacies and importance tend to be overlooked when organizations first create a cloud security strategy. However, failing to properly secure and monitor Entra ID can result […]


Join us for a Webinar on the Importance of Active Directory Monitoring

On Tuesday March 21st, 2023, I will be presenting a free 60-minute webinar on Active Directory, together with Jay Gundotra of ENow fame.   About this webinar In case you've forgotten; Active Directory is Microsoft's on-premises Identity management solution. Most large organization use it as their primary Identity and Access Management (IAM) solution and then […]


HOWTO: Create a Group Policy Central Store

The Group Policy Central Store in Active Directory’s System Volume (SYSVOL) share optimizes Group Policy authoring and replication. The group policy central store is a central location to store all the Group Policy template (*.admx) and Group Policy Language (*.adml) files. The Central Store eliminates the loading and opening of Group Policy template files on systems […]


HOWTO: Check if you can use the mS-DS-ConsistencyGUID attribute as source anchor for Azure AD Connect

In recent versions of Azure AD Connect, you can use the mS-DS-ConsistencyGUID attribute as the source anchor attribute. This provides flexibility in cross-forest migration scenarios. However, if another solution in the networking environment has already claimed the mS-DS-ConsistencyGUID attribute for its purposes, Azure AD Connect won’t allow you to use this attribute and instead default […]


The video of my presentation at the 2020 Hybrid Identity Protection Conference is now available

The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, whose day-to-day job is to architect, manage, and protect identity management in the […]

The video of our presentation at Veeam Live is now available

Veeam organized its Veeam Live event on October 20th, 2020. Veeam is defining the future of cloud data solutions and helping today’s businesses securely and reliably protect and easily recover their data. At Veeam Live, they offered data protection management guidance, showed how to up your data protection game and allowed to connect with like-minded […]


HOWTO: Harden Remote Desktop connections to Domain Controllers

Workstations that are allowed to communicate to Domain Controllers pose a risk of lateral movement. To mitigate some of these risks, we can harden the Remote Desktop connections to Domain Controllers. Note: For organizations that have implemented the Active Directory administrative tier model, or are striving to embrace, their Privileged Access Workstations (PAWs) pose a […]


Why DCPromo removes the passwords from your answer files after usage

One of the recommended practices for configuring Domain Controllers is to use an answer file to promote the server from a domain-joined server to a Domain Controller.   Benefits of using an answer file The benefit is using an answer file is that the file can be reused for multiple promotions. This way, Domain Controllers […]


TODO: Enable the new My Apps and My Profile Experiences

Microsoft will be updating the current Azure AD Apps and Profile experiences on July 20th 2020. This means that from that data onward your colleagues will be automatically switched over to the updated My Apps and My Account experiences. Note: The updated My Apps and My Account offer the same functionality as the current experiences, […]