Introduction to Building a Replica Domain Controller ARM Template

The idea behind this blog series came after something I noticed Microsoft does not have from an artifact perspective. Microsoft talks a lot about infrastructure as code by using ARM Templates. ARM Templates make cloud deployments declarative, idempotent, and add ... continue reading

Disaster Recovery in the next version of Azure Stack HCI

Disaster can hit at any time. When thinking about disaster and recovery, I think of 3 things: be prepared; plan on not involving humans; automatic, not automated. Having a good strategy is a must. You want to be able to ... continue reading

Azure DSC for Zero Trust Windows 10 Devices Managed by Intune

Introduction: Zero Trust is defined by Microsoft as a model that “assumes breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to ... continue reading

Human-operated ransomware attacks: A preventable disaster

Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft ... continue reading

Building the Totally Network Isolated Root Certification Authority

Hello everyone, my name is Daniel Metzger and I am a Senior Premier Field Engineer for Secure Infrastructure based in Switzerland. Lately I have done quite a few Public Key Infrastructure (PKI) migrations for customers mostly because their certification authorities ... continue reading

Initially Isolate Tier 0 Assets with Group Policy to Start Administrative Tiering

Hello everyone, my name is Daniel Metzger and I am a Senior Premier Field Engineer for Secure Infrastructure based in Switzerland. In this post, I am going to show you how to use a minimal set of Group Policy objects ... continue reading

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 2: Virtual Smart Cards

First published on TECHNET on Jul 15, 2014. Hey Everyone, I am back with part 2 of this 3 part series on TPM protected certificates. The topics covered in this are related to Virtual Smart Cards, their benefits, and lastly ... continue reading

Implementing LDAPS (LDAP over SSL)

First published on TECHNET on Jun 02, 2011. LDAP over SSL (LDAPS) is becoming an increasingly hot topic - perhaps it is because Event Viewer ID 1220 is catching people's attention in the Directory Service Log or just that people ... continue reading

SHA2 and Windows

First published on TECHNET on Sep 30, 2010. UPDATE (2/8): Based on some recent questions, additional information has been posted about SHA2 and Windows. Introduction: We’ve recently received a couple of requests from customers around the functionality of SHA-256 when ... continue reading

Firewall Rules for Active Directory Certificate Services

First published on TECHNET on Jun 25, 2010. Below is a list of ports that need to be opened on Active Directory Certificate Services servers to enable HTTP and DCOM based enrollment. The information was developed by Microsoft Consultant Services ... continue reading