Blog Archives

HOWTO: Disable Unnecessary Services on Web Application Proxies

This entry is part 1 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Let’s harden the Web Application Proxy installations, by disabling unnecessary services running on it. This way, we lower […]

0  

HOWTO: Disable Unnecessary Services and Scheduled Tasks on AD FS Servers

This entry is part 2 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary services running […]

3  

HOWTO: Disable Unnecessary Services and Scheduled Tasks on Windows Servers running Azure AD Connect

This entry is part 3 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices.   Why harden Azure AD Connect Hardening provides additional layers to defense in depth approaches. It changes the […]

1  

HOWTO: Enforce Azure AD Connect to use TLS 1.2 only

This entry is part 4 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes Azure AD Connect runs on a Windows Server 2016 with Desktop Experience (“Full installation”) […]

0  

HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect

This entry is part 5 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes all Web Application Proxies, AD FS servers and Azure AD Connect installations run Windows […]

0  

HOWTO: Disable unnecessary AD FS endpoints

This entry is part 6 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary endpoints they […]

0  

HOWTO: Enable Auditing and Logging for AD FS Servers and the AD FS Farm

This entry is part 7 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at auditing and logging settings on AD FS Servers. Note: […]

0  

HOWTO: Handle Time synchronization on non-domain-joined Web Application Proxies

This entry is part 8 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle time synchronization on non-domain-joined Web […]

0  

HOWTO: Handle Windows Activation on non-domain-joined Web Application Proxies

This entry is part 9 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]

0  

HOWTO: Handle Windows Update on non-domain-joined Web Application Proxies

This entry is part 10 of 18 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]

0