Category Archives: Security
To celebrate the availability of the Active Directory Administration Cookbook, I decided to write a blogpost in the typical structure of a recipe in this book: Disabling account enumeration Use this recipe to disable account enumeration for an Azure Active Directory tenant. After completing this recipe, people with user accounts in the tenant will […]
Today, I had the pleasure of installing and configuring the AD FS Agent that is part of CensorNet’s SMS PASSCODE product, version 2018 (version 10). Here’s how to perform this task yourself. About the Extensible Authentication Framework Active Directory Federation Services (AD FS) offers the Extensible Authentication Framework (EAF). Leveraging this functionality, multi-factor authentication […]
Community Central at Microsoft Ignite is bigger, better and stronger, compared to last year’s Ignite, and I’m proud to share that I’m part of it! Besides my two theater sessions on Identity and Access Management (IAM) at Ignite, I will also be staffing a Community Booth at two Community Social events. About Community Central […]
Denial of Service attacks on identity and access systems are commonplace. When you think you’re done when you’ve covered all the bases with account lock-out in your on-premises Active Directory Domain Services (AD DS) environment, you’re wrong. Hybrid Identity requires more effort and Microsoft only made the tools you need generally available this month. […]
As announced on July 25, today, Microsoft’s new Microsoft Authenticator app replaces both its Azure Authenticator and Microsoft Account app as the one easy-to-use app for all your multi-factor authentication needs. Now, I’m not sure whether Microsoft will use the above slogan for the app, but to me it sums up what this new app […]
I’ve written about Pass-the-Hash (PtH) attacks before. Today, I’m writing on the cleanup mechanisms to remove lingering password(hashe)s from Windows, that Microsoft has introduced with Windows 8.1 and Windows Server 2012 R2. These mechanisms help protect against Pass-the-Hash (PtH) attacks.
KnowledgeBase: A hotfix is available that records more information in event ID 5125 for an OCSP response
Last month, Microsoft released a KnowledgeBase article for Active Directory Certificate Services running on Windows Server 2008 R2 with Service Pack 1 and Windows Server 2012. Note: This KnowledgeBase article doesn’t apply to Windows Server 2012 R2, although the same issue exists as in Windows Server 2008 R2 and Windows Server 2012. The situation […]
Last month, I was present at the Dutch Tooling Event to talk to (potential) customers about my employer’s product and project portfolio. This event gets organized for people with an interest in IT systems management, IT service management, mobile device management and other IT-related themes. During the event, I was interviewed alongside Pieter Lacroix (Managing […]
Security Thoughts: Are you still running XML Core Services (MSXML) 4.0 with Service Pack 2 in your environment?
Security and practicality often clash, especially with legacy software in the mix. Legacy software is painful from a security point of view. If you want to know how painful, keep on reading this blogpost. It features legacy functionality, unsupported software and security holes the size of Jupiter.
Although we’ve seen presentations on Pass the Hash attacks for years, now is a good time to actually make good on that New Year’s resolution to start hardening your Active Directory environment against these, and other related attacks. Roughly six months ago, Patrick Jungles, a Security Program Manager working with Microsoft’s Trustworthy Computing group in […]