Category Archives: Security

HOWTO: Install CensorNet’s SMS PASSCODE AD FS Agent

Today, I had the pleasure of installing and configuring the AD FS Agent that is part of CensorNet’s SMS PASSCODE product, version 2018 (version 10). Here’s how to perform this task yourself. About the Extensible Authentication Framework: Active Directory Federation Services (AD FS) offers the Extensible Authentication Framework (EAF). Leveraging this functionality, multi-factor authentication […]


I’m staffing a Community Booth at two Community Social events at Microsoft Ignite 2018

Community Central at Microsoft Ignite is bigger, better and stronger, compared to last year’s Ignite, and I’m proud to share that I’m part of it! Besides my two theater sessions on Identity and Access Management (IAM) at Ignite, I will also be staffing a Community Booth at two Community Social events. About Community Central […]


Configuring Account Lockout throughout a Hybrid Identity Environment

Denial of Service attacks on identity and access systems are commonplace. If you think you’re done once you’ve covered all the bases with account lock-out in your on-premises Active Directory Domain Services (AD DS) environment, you’re wrong. Hybrid Identity requires more effort and Microsoft only made the tools you need generally available this month. […]


Microsoft Authenticator – One easy-to-use app for all your multi-factor authentication needs

As announced on July 25, today, Microsoft’s new Microsoft Authenticator app replaces both its Azure Authenticator and Microsoft Account app as the one easy-to-use app for all your multi-factor authentication needs. Now, I’m not sure whether Microsoft will use the above slogan for the app, but to me it sums up what this new app […]


Security Thoughts: LSASS Protection in Windows 8.1 and Windows Server 2012 R2

I’ve written about Pass-the-Hash (PtH) attacks before. Today, I’m writing on the cleanup mechanisms to remove lingering password(hashe)s from Windows, that Microsoft has introduced with Windows 8.1 and Windows Server 2012 R2. These mechanisms help protect against Pass-the-Hash (PtH) attacks.


KnowledgeBase: A hotfix is available that records more information in event ID 5125 for an OCSP response

Last month, Microsoft released a KnowledgeBase article for Active Directory Certificate Services running on Windows Server 2008 R2 with Service Pack 1 and Windows Server 2012. Note: This KnowledgeBase article doesn’t apply to Windows Server 2012 R2, although the same issue exists as in Windows Server 2008 R2 and Windows Server 2012. The situation […]


I was interviewed by at the Tooling Event (Dutch)

Last month, I was present at the Dutch Tooling Event to talk to (potential) customers about my employer’s product and project portfolio. This event gets organized for people with an interest in IT systems management, IT service management, mobile device management and other IT-related themes. During the event, I was interviewed alongside Pieter Lacroix (Managing […]


Security Thoughts: Are you still running XML Core Services (MSXML) 4.0 with Service Pack 2 in your environment?

Security and practicality often clash, especially with legacy software in the mix. Legacy software is painful from a security point of view. If you want to know how painful, keep on reading this blogpost. It features legacy functionality, unsupported software and security holes the size of Jupiter.


Security Thoughts: Pass the Hash and other Credential Theft

Although we’ve seen presentations on Pass the Hash attacks for years, now is a good time to actually make good on that New Year’s resolution to start hardening your Active Directory environment against these, and other related attacks. Roughly six months ago, Patrick Jungles, a Security Program Manager working with Microsoft’s Trustworthy Computing group in […]


Common Challenges when Managing Active Directory Domain Services, Part 1: Security

In many organizations Active Directory Domain Services is the top tier in access management. Access to systems, information and connections, often, is governed by information in Active Directory. User objects and computer objects play a big role in this model, since they represent actual physical objects within the organization. Now, not every organization acknowledges the […]