Category Archives: Enterprise Security

HOWTO: Detect Apps and Services using LDAP instead of LDAPS

Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Traditionally, the Lightweight Directory Access Protocol (LDAP) was used by software developers to integrate. While Kerberos-based Integrated Windows Authentication (IWA) can also be used, LDAP has kept a certain foothold for software solutions, as it is also available on non-Windows and […]

1  

Going All-in with HornetSecurity 365 Total Protection

Previously, I’ve shared my experiences with Altaro’s Office 365 Backup and Hornetsecurity’s 365 Threat Monitor. Both services add information security value on their own, but are also part of something bigger: HornetSecurity’s 365 Total Protection.  Should you go all-in with HornetSecurity’s 365 Total Protection to face your Microsoft 365 challenges head-on? The three flavours of […]

0  

TODO: Mitigate the Information Disclosure vulnerability caused by improperly configured Azure Migrate applications

Last week, Microsoft issued security guidance on a security issue within Azure Active Directory. In this guidance, Microsoft instructs Azure AD admins to rotate the password for Azure Migrate applications, when these applications have been created prior to November 2, 2021. About the vulnerability CVE-2021-42306 is a vulnerability in the way Azure AD stores the […]

2  

TODO: Change the credentials for Azure Automation Run-As accounts

Last week, Microsoft issued security guidance on a security issue within Azure Active Directory. In this guidance, Microsoft instructs Azure AD admins to rotate the password for Azure Automation Run-As accounts, when these accounts have been created between October 15, 2020 and October 15, 2021. About the vulnerability CVE-2021-42306 is a vulnerability in the way […]

0  

Azure Active Directory-related sessions at Identiverse 2021

Identiverse is the place for all things Identity. This year’s Identiverse Conference marks the 12th Identiverse Conference; its first-ever hybrid event to be held starting June 21, 2021. The in-person component is in Denver, Colorado with an accompanying virtual component that can be accessed from anywhere.   About Identiverse Identiverse is the hub for all […]

0  

KnowledgeBase: A Sign-in Window appears while configuring Azure AD Connect and configuration fails

Sometimes, the installation of Azure AD Connect can mess up your project deadlines in mere seconds. In this blogpost, I want to share an error that kept the admins of an organization occupied for several days, while it was easy to fix.   The situation An organization uses Azure AD and Azure AD Connect. After […]

0  

How Hot Patch for Windows Server Azure Edition helps secure Domain Controllers

At Microsoft Ignite 2021 Spring Edition, Microsoft introduces the Public Preview of Hot Patching for Windows Server Azure Edition. About hot patching for Windows Server Azure Edition Microsoft announced new capabilities at Microsoft Ignite 2021 Spring edition for Azure Automanage to simplify operations for Windows Server-based virtual machines (VMs). Azure Automanage helps organizations to reduce […]

0  

Making the Case for 30-day Token-signing and Token-decrypting Certificates in AD FS

I feel we are at a crossroads. Five years ago, I made the case for token-signing and token-decrypting certificates in Active Directory Federation Services (AD FS) with a validity of 5-year. Today, I’m making the case for 30-day Token-signing and Token-decrypting certificates, based on my understanding of the UNC2452 attack campaign (also known as ‘SolariGate’). […]

6  

Azure Active Directory Pod Identity Spoofing Vulnerability (CVE-2021-1677)

Today, for its January 2021 Patch Tuesday, Microsoft released an important security update for Azure Active Directory Pod Identities. This vulnerability is known as CVE-2021-1677 and rated with CVSSv3.0 scores of 5.5/4.8 About the vulnerability The Azure AD pod identity feature enables users to assign identities to pods in Kubernetes clusters and fetch them from […]

0  

Is the Authenticator App required for free Azure MFA?

At Microsoft Ignite 2019, Microsoft announced free Azure Multi-factor Authentication for all through the new Security Defaults feature for Azure Active Directory: Enable multi-factor authentication for free. Now, the official documentation shares more information on this feature and it implies that Azure Multi-factor Authentication (Azure MFA) is only free when it is enabled through the […]

5