Join us March 28 at 8:30 AM PDT for a brand-new digital event, Microsoft Secureāa place for security professionals to explore the most comprehensive, industry-leading solutions to help you protect everything.
Author: Johan Heyneke
Cloud Solution Architect - Engineering at Microsoft
Use the Microsoft Authenticator application as backup sign-in method when mobile device has no connectivity.
You can use the Microsoft Authenticator application to complete MFA (Multi-Factor Authentication) sign-in when your mobile device has no connectivity. The Authenticator application functions as the primary and backup sign-in method.
Azure MFA | Number Matching Enabled by Default
Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. Microsoft will remove the admin controls and enforce the number match experience tenant-wide for all users starting May 8, 2023.
Microsoft Defender for Identity | Enable NTLM Auditing
If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven't gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.
Field Notes: Service running with gMSA account not starting
I recently deployed a new Active Directory Forest in my lab on Windows Server 2022. I wanted to configure the Microsoft On Demand Assessments for Active Directory and also needed to deploy Microsoft Defender for Identity (MDI). I wanted to use a Group Managed Service account to run these instead of a normal service account. … Continue reading Field Notes: Service running with gMSA account not starting
Permanently delete objects from the Active Directory Recycle Bin
With the Active Directory Recycle Bin enabled, deleted Active Directory objects can be easily recovered. The deleted items can be recovered for as long as the Active Directory tombstone lifetime. Based on default configuration this should be 180 days. I recently received a request from a customer to know how they can permanently delete user … Continue reading Permanently delete objects from the Active Directory Recycle Bin
Save Azure costs using Spot Instances
In this article I want to talk about how Azure Spot Instances can save you money on your Virtual Machines. These virtual machines are categorized as Infrastructure as a Service (IaaS). I recently received a new subscription and had to rebuild my infrastructure from scratch. At the moment I have four Active Directory Domain Controllers, … Continue reading Save Azure costs using Spot Instances
Disable Server Manager automatic startup
This is a short blog showing how to disable Server Manager from automatically starting up at logon.
Field Notes: Active Directory tombstone lifetime
The days of updating the default tombstone lifetime for Active Directory may be long forgotten, but if your Active Directory Forest has been running since Windows Server 2000/2003 and you have never verified the tombstone lifetime, it may be worthwhile to do so. As I have found first-hand with my customer, there are some deployments out there that may still be using a tombstone lifetime of 60 days. Expecting a value of 180 days and realizing too late that this is not the case may cause unnecessary complications in the future.
Internet Explorer | End of Life
We have been using Internet Explorer since Windows 95, perhaps not so much in recent years since we started using modern browsers. Microsoft recently announced the retirement of the Internet Explorer desktop application. There are some organizations however that still rely on Internet Explorer for legacy sites who may be impacted by this announcement. These legacy sites can still be supported using the Microsoft Edge browser.
You must be logged in to post a comment.