The purpose for this document is to guide someone through adding Group Managed Service Accounts (gMSA) into the MIM Portal. At my customer, we have started utilizing gMSA’s more and more as opposed to regular service accounts. With increased usage this means that gMSA’s are showing up as members of various Security Groups. Anyone who … Continue reading Flowing gMSA accounts into MIM Portal
Category: Identity
New Microsoft Security Certifications released
Exams such as AZ-500 and MS-500 measures your overall knowledge of Azure and Microsoft 365 security solutions and features. Microsoft has now released four new exams measuring skills on specific security solutions instead. You can obtain a new Fundamentals certification and three new Associate certifications. The new exams/certifications are as follows: Exam SC-900 | Microsoft … Continue reading New Microsoft Security Certifications released
Use Azure Backup for Active Directory forest recovery requirements | Part 2
In part one of this series, we used Azure Backup to enable a daily backup schedule on two Domain Controllers, one from each domain in the Active Directory forest. A few days have passed since Azure Backup was configured. Multiple backups (restore points) should be available for each of the Domain Controllers. In this post, one of these recovery points will be used to restore the forest root Domain Controller in an Azure isolated virtual network (VNET), while having no impact on the production environment. We should be able to successfully logon to this Domain Controller after the restore, to perform the remaining Active Directory recovery steps.
Use Azure Backup for Active Directory forest recovery requirements | Part 1
In this series I will demonstrate how to configure Azure Backup to protect a Domain Controller deployed in Azure. An initial backup will be performed which will then be used to restore the Azure Virtual Machine (VM) to an isolated Virtual Network. The VM restore will be tested by signing into the Domain Controller with the built-in Administrator account. This validates the successful backup and restore of the Domain Controller VM. Part 1 covers the configuration of Azure Backup and creation of backups for two Domain Controllers in Azure. I will configure backup for a Domain Controller in the forest root domain and a Domain Controller in the child domain.
Field Notes: Zerologon | CVE-2020-1472 | Manage Netlogon secure channel changes
The Netlogon vulnerability (CVE-2020-1472) is well documented and includes all the required remediation and preparation steps for the next update coming February 2021. We are less than a month away from the enforcement phase, and I have found that some customers are still unsure of what they need to do in regards to this vulnerability and the security updates. I've decided to publish this post to clarify the required actions, and tools available after deploying the August 2020 security update.
Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)”
Issue It's December and time to let your hair down. It could be a time to relax, do some reading or even take time to upskill in a new technology. Perhaps catch up with friends and family. But if you think you can completely relax just remember, your identities on-the-line(Vince Vaughn) are open and exposed … Continue reading Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)”
Field notes: The case of the missing Organizational Unit (OU)
I recently assisted a customer with missing OU's in Active Directory. We found that the OU's were not deleted (thanks to the AD Recycle Bin), but were actually moved to another OU instead. These occurrences can easily be prevented by using a feature that was introduced with Active Directory on Windows Server 2008. Now this is nothing new, but since we are still finding occurrences of this at our customers, I decided to publish this post as a reminder to review all OU's in your Active Directory forest, and ensure they are protected from accidental deletion.
Enabling MIM Portal with Azure AD App Proxy
Enabling MIM Portal to work with Azure AD App Proxy is not new. There are certainly numerous articles out on the Internet that talk about the topic. At the same time, MIM Portal on App Proxy is not as easy to configure as other web-based applications are. My reasons for documenting this was to solve … Continue reading Enabling MIM Portal with Azure AD App Proxy
Intune – “Conditional Access, Terms of Use and The Company Portal”
The Issue We recently had an issue where we tried to use the Conditional Access setting and only granting Terms of Use for an Android Device Enrollment. The Investigation What happens now is as described in our docs article Terms of use - Azure Active Directory | Microsoft Docs - The authenticator app installs... Why … Continue reading Intune – “Conditional Access, Terms of Use and The Company Portal”
Azure AD Connect | Verify password sync for single user
I recently received a query from a customer asking if there was a way to determine when last a user’s password was synchronized. Upon receiving further details, it became clear that they suspected an issue with password synchronization for a specific user. There is an easy way to verify password synchronization for a single user.