Category Archives: Microsoft Windows Server 2016
HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In the pervious post of this series, we discussed encrypting traffic between AD FS Servers, servers running Azure […]
On-premises Microsoft Identity-related updates and fixes for June 2020
Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for June 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4561616 June 9, 2020 The […]
On-premises Microsoft Identity-related updates and fixes for May 2020
Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for May 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4556813 May 12, 2020 The May […]
On-premises Microsoft Identity-related updates and fixes for April 2020
Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for April 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4550929 April 14, 2020 The […]
HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect […]
A Real-world tested Approach for Transitioning Web Application Proxy Servers
We’ve migrated many AD FS implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations. How we migrate In general, we migrate Web Application Proxy servers by adding additional Web Application Proxies […]
A Real-world tested Approach for Transitioning AD FS Servers
We’ve migrated many Active Directory Federation Services (AD FS) implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations. How we migrate In general, we migrate AD FS servers by adding additional […]
On-premises Microsoft Identity-related updates and fixes for March 2020
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for March 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4540670 March 10, 2020 The […]
On-premises Identity updates & fixes for February 2020
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for February 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4537764 February 11, 2020 The February […]
TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes
In many Active Directory Domain Services environments, LDAP is a common protocol to provide access to objects and their attributes in the directory. The Lightweight Directory Access Protocol (LDAP) is an open protocol for use with various directory services, including Active Directory. Over the years, Microsoft has been made aware about vulnerabilities in the way […]
Login