Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)”

Issue It's December and time to let your hair down. It could be a time to relax, do some reading or even take time to upskill in a new technology. Perhaps catch up with friends and family. But if you think you can completely relax just remember, your identities on-the-line(Vince Vaughn) are open and exposed … Continue reading Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)” →

Field notes: The case of the missing Organizational Unit (OU)

I recently assisted a customer with missing OU's in Active Directory. We found that the OU's were not deleted (thanks to the AD Recycle Bin), but were actually moved to another OU instead. These occurrences can easily be prevented by using a feature that was introduced with Active Directory on Windows Server 2008. Now this is nothing new, but since we are still finding occurrences of this at our customers, I decided to publish this post as a reminder to review all OU's in your Active Directory forest, and ensure they are protected from accidental deletion.

Enabling MIM Portal with Azure AD App Proxy

Enabling MIM Portal to work with Azure AD App Proxy is not new. There are certainly numerous articles out on the Internet that talk about the topic. At the same time, MIM Portal on App Proxy is not as easy to configure as other web-based applications are. My reasons for documenting this was to solve … Continue reading Enabling MIM Portal with Azure AD App Proxy →

Intune – “Conditional Access, Terms of Use and The Company Portal”

The Issue We recently had an issue where we tried to use the Conditional Access setting and only granting Terms of Use for an Android Device Enrollment. The Investigation What happens now is as described in our docs article Terms of use - Azure Active Directory | Microsoft Docs - The authenticator app installs... Why … Continue reading Intune – “Conditional Access, Terms of Use and The Company Portal” →

Roll over Kerberos decryption key for Seamless SSO computer account

Updating the Kerberos decryption key for the Azure AD SSO computer account is a fairly simple process. In this blog post I walk through the steps to perform an update of the Kerberos decryption key.

How to reset the Directory Service Restore Mode (DSRM) password

The Directory Services Restore Mode (DSRM) password is first set when promoting a new Domain Controller. I have encountered many Active Directory environments where the DSRM password for the Domain Controllers is not known or safely stored for retrieval when needed. In this article I revisit the options to reset the DSRM password.

Azure AD Alternate Login ID – Use your e-mail address (preview).

Introduction For logging into office 365 services, and you are syncing your users from on premises AD via Azure AD Connect, Microsoft has always recommended changing your users UPNs to match their e-mail address. 2 of the main reasons for this are: You can not use non routable domains in Azure AD. So domain.local will … Continue reading Azure AD Alternate Login ID – Use your e-mail address (preview). →

Understanding Microsoft Security Baselines and Applying Them – Part 2

Importing the Security Baselines into AD easily The easiest method of importing all the settings into AD is a script that is included with the baselines, its stored beneath the Scripts folder named "Baseline-ADImport.ps1". Baseline-ADImport.ps1 Imported GPO's in AD In the image above you can see everything that is imported with the Security Baseline for … Continue reading Understanding Microsoft Security Baselines and Applying Them – Part 2 →

Enable Remote Work for Organizations – Interview with Microsoft Services Expertise

This is 16 Minutes interview with Microsoft Services Expertise discussing How Microsoft Enable Remote Work for Organization using Windows Virtual Desktop.

Field Notes: Azure MFA and SSPR combined registration now Generally Available

As organizations are asking employees to work from home to slow the spread of COVID-19, it’s even more important that users are registered for MFA and SSPR. We want to make it easier for remote workers to keep their accounts secure.