Technical articles about authentication and authorization of directory services for Azure cloud. Articles include topics such as domain controllers, DNS, Group Policy Management, certifictates, and single sign on. Learn about using Active Directory Management Tools and PowerShell.
Hello everyone, Jerry Devore back again after to along break from blogging to talk about Active Directory hardening. In my role at Microsoft, I have found every organization has room to improve when it comes to hardening Active Directory. Many times, customers are aware of issues but are afraid of unintended impacts if they make …
Active Directory Hardening Series – Part 1 – Disabling NTLMv1 Continue Reading
Hey Guys Rob here again, today I am going to go over a set of typical Network Device Enrollment Service Event ID’s that you will inevitably encounter if you are maintaining an environment with NDES installed. These two events always seem to run together and can be seen in the Application Event log. Log Name: …
NDES and the dreaded 2 & 10 Event ids stating “The parameter is incorrect” Continue Reading
Hello everyone, I’m thrilled to announce that Microsoft Entra API-driven provisioning is now in public preview! With today’s announcement, we’re expanding our support for HR-driven provisioning to address the most common customer asks, including: Automatically provisioning cloud-only users and hybrid users (users that require an on-premises Active Directory account) from any trusted source Importing data from sources …
Azure AD Privileged Identity Management (PIM) offers organizations a comprehensive solution for managing, monitoring, and auditing access to their Azure resources. Among its key functionalities, Azure AD PIM allows the implementation of just-in-time (JIT) access to both Azure AD and Azure resources. Sometime ago Microsoft released preview feature that enable the usage of Azure AD …
Step-by-Step Guide : Azure AD PIM for Groups Continue Reading
Hey all! Rob Greene here. We see cases around Network Device Enrollment Service (NDES) failing to successfully complete. Please keep in mind that you can get these error messages outside of NDES installation, however we are not going to be covering those errors within this blog. This blog is going to concentrate on the assumption …
Common Network Device Enrollment Service (NDES) configuration wizard failures Continue Reading
Migrate ADAL applications to MSAL is now available >We are announcing a new Azure Active Directory (Azure AD) recommendation > helping customers migrate apps using the legacy Azure AD > >Authentication Library (ADAL) to the Microsoft Authentication Library (MSAL) >. > >This is part of our ongoing initiative to improve the developer experience, service reliability, …
Azure AD Recommendations Now Help You Identify ADAL Apps to Migrate to MSAL Continue Reading
Today we announced significant milestones for identity and network access, including the news that Microsoft Azure Active Directory (Azure AD) is becoming Microsoft Entra ID. As part of our ongoing commitment to simplify secure access experiences for everyone, the rebranding of Azure AD to Microsoft Entra ID is designed to make it easier for you …
A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between people, machines, apps, and devices that …
Hello, Chris Cartwright here from the Directory Services support team. We have many customers asking questions about how to track down the usage of RC4 in their environment. Over the years, we’ve had tons of great articles that, when put together, provide a fairly simple solution to this problem. (These can be found in the …
So, you think you’re ready for enforcing AES for Kerberos? Continue Reading
In 2019, we announced deprecation of the Azure AD Graph service. One year ago we communicated that Azure AD Graph will be retired and stop functioning after June 30, 2023. We also previously communicated that three legacy PowerShell modules (Azure AD, Azure AD Preview, and MS Online) would be deprecated on June 30, 2023. We …
Important: Azure AD Graph Retirement and Powershell Module Deprecation Continue Reading
