Microsoft Defender for Identity | Enable NTLM Auditing

If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven't gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.

Field Notes: Service running with gMSA account not starting

I recently deployed a new Active Directory Forest in my lab on Windows Server 2022. I wanted to configure the Microsoft On Demand Assessments for Active Directory and also needed to deploy Microsoft Defender for Identity (MDI). I wanted to use a Group Managed Service account to run these instead of a normal service account. … Continue reading Field Notes: Service running with gMSA account not starting

Permanently delete objects from the Active Directory Recycle Bin

With the Active Directory Recycle Bin enabled, deleted Active Directory objects can be easily recovered. The deleted items can be recovered for as long as the Active Directory tombstone lifetime. Based on default configuration this should be 180 days. I recently received a request from a customer to know how they can permanently delete user … Continue reading Permanently delete objects from the Active Directory Recycle Bin

MIM Portal & Application Context Authentication

The intention of this write-up is that you are modifying MIM Portal to switch email notifications to use the Application Context Authentication method as opposed to an SMTP relay or other method that uses a log on name and password. Basic Authentication will be deprecated somewhere around October 2022.  A Modern Authentication needs to be … Continue reading MIM Portal & Application Context Authentication

Field Notes: Active Directory tombstone lifetime

The days of updating the default tombstone lifetime for Active Directory may be long forgotten, but if your Active Directory Forest has been running since Windows Server 2000/2003 and you have never verified the tombstone lifetime, it may be worthwhile to do so. As I have found first-hand with my customer, there are some deployments out there that may still be using a tombstone lifetime of 60 days. Expecting a value of 180 days and realizing too late that this is not the case may cause unnecessary complications in the future.

Flowing gMSA accounts into MIM Portal

The purpose for this document is to guide someone through adding Group Managed Service Accounts (gMSA) into the MIM Portal.  At my customer, we have started utilizing gMSA’s more and more as opposed to regular service accounts.  With increased usage this means that gMSA’s are showing up as members of various Security Groups.  Anyone who … Continue reading Flowing gMSA accounts into MIM Portal

New Microsoft Security Certifications released

Exams such as AZ-500 and MS-500 measures your overall knowledge of Azure and Microsoft 365 security solutions and features. Microsoft has now released four new exams measuring skills on specific security solutions instead. You can obtain a new Fundamentals certification and three new Associate certifications. The new exams/certifications are as follows: Exam SC-900 | Microsoft … Continue reading New Microsoft Security Certifications released