Category Archives: Security

HOWTO: Enable Auditing and Logging for AD FS Servers and the AD FS Farm

This entry is part 7 of 7 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at auditing and logging settings on AD FS Servers. Note: […]

HOWTO: Disable unnecessary AD FS endpoints

This entry is part 6 of 7 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary endpoints they […]

HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect

This entry is part 5 of 7 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes all Web Application Proxies, AD FS servers and Azure AD Connect installations run Windows […]

HOWTO: Enforce Azure AD Connect to use TLS 1.2 only

This entry is part 4 of 7 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes Azure AD Connect runs on a Windows Server 2016 with Desktop Experience (“Full installation”) […]

HOWTO: Disable Unnecessary Services and Scheduled Tasks on Windows Servers running Azure AD Connect

This entry is part 3 of 7 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Why harden Azure AD Connect: Hardening provides additional layers to defense in depth approaches. It changes the […]

HOWTO: Disable Unnecessary Services and Scheduled Tasks on AD FS Servers

This entry is part 2 of 7 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary services running […]

HOWTO: Disable Unnecessary Services on Web Application Proxies

This entry is part 1 of 7 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Let’s harden the Web Application Proxy installations, by disabling unnecessary services running on it. This way, we lower […]

HOWTO: Disable account enumeration in Azure Active Directory

To celebrate the availability of the Active Directory Administration Cookbook, I decided to write a blogpost in the typical structure of a recipe in this book: Disabling account enumeration. Use this recipe to disable account enumeration for an Azure Active Directory tenant. After completing this recipe, people with user accounts in the tenant will […]

HOWTO: Install CensorNet’s SMS PASSCODE AD FS Agent

Today, I had the pleasure of installing and configuring the AD FS Agent that is part of CensorNet’s SMS PASSCODE product, version 2018 (version 10). Here’s how to perform this task yourself. About the Extensible Authentication Framework: Active Directory Federation Services (AD FS) offers the Extensible Authentication Framework (EAF). Leveraging this functionality, multi-factor authentication […]

I’m staffing a Community Booth at two Community Social events at Microsoft Ignite 2018

Community Central at Microsoft Ignite is bigger, better and stronger, compared to last year’s Ignite, and I’m proud to share that I’m part of it! Besides my two theater sessions on Identity and Access Management (IAM) at Ignite, I will also be staffing a Community Booth at two Community Social events. About Community Central […]
