The authority on identity and security in Microsoft

Deciding who can access data is a key part of zero-trust. With Azure AD authentication contexts and other tools, you can do exactly this.

Shortcuts for when you’re building scripts to work with AD or working on servers with limited access to tools.

Until passwordless authentication is a more viable option, we must take steps to defend against password spray attacks. Azure Active…

Azure Active Directory Connect (AADC) installation creates a set of permissions that in most cases does not follow the concept of least…

The first domain in an AD forest is unique. There are two groups in this domain that we must be aware of: Enterprise Admins and Schema…

The PetitPotam exploit can be used to completely own an environment, with very few prerequisites—but mitigation is within reac

If organizations don’t properly plan the synchronization solution for their cloud identities, which Microsoft calls Azure AD Connect, users…

The size and complexity of the organization are critical factors when determining how and where to host FSMO roles.

When an identity from Active Directory (AD) is synchronized with a cloud-based identity platform such as Azure AD, those identities are…

Not all organizations require their own PKI solution; however, most leverage Microsoft Active Directory Certificate Services because it…

Not all organizations require their own PKI solution; however, most leverage Microsoft Active Directory Certificate Services because it…

One important function of Certificate Authorities that’s mentioned briefly in Part 2 of our “Components of a PKI” blog series is the…

In Part 1 of our “Components of a PKI” blog series, we defined several PKI terms that are useful for understanding Certificate Authorities…

Digital certificates (most commonly represented by the X.509 public key certificate standard) are signed data objects that associate a…

User attributes are important metadata that should be treated with care. Some organizations do not take user attributes seriously enough,…

Planning for a Microsoft Information Protection deployment can seem complicated at first; however, the recommendations in this article can…

There are a few key terms that are critical when understanding and deploying Microsoft Information Protection (MIP). For example,…

In large-scale Microsoft Intune deployments, you’ll typically find both production and development tenants. For effective application…

In Part 3 of this blog series, we discuss some other important considerations when taking this approach to automation.

Part 2 of this blog series gets into the details of how to create and configure an app registration for use with an automated PowerShell…

Automation is a fundamental requirement for good systems administration, no matter what the platform. Being able to automate tasks ensures…

Several high-risk events have recently highlighted the importance of a fully functional and secure Active Directory environment to a…

Migrating your Active Directory Federation Services (AD FS) integrated SaaS applications to Azure Active Directory (Azure AD) provides many…

Do you know how to protect organizational data on mobile devices without affecting personal data? Are you aware of the policies required to…

One of the most important security controls in an Active Directory (AD) forest is the prevention of privilege escalation paths. The tiered…

The workstation an administrator uses to perform privileged tasks such as managing Active Directory (AD) is a high-value target for a…

Our automated AD DS health check process looks at hundreds of configuration settings, including DNS, FSMO roles, replication, sites and…

Learn how to find out what security groups grant access to the MIM Synchronization Service

Forgotten passwords are a key driver of Help desk calls for many organizations. They are also a major cost factor. Azure Active Directory…

Enabling single sign-on (SSO) for SaaS applications adds convenience for end users, as well as reduces security risks and enables you to…

With the Azure AD Application Proxy, you can provide remote access to web applications and Remote Desktop Services (RDS) farms without…

Without a license, end users will not be able to use Office 365 services like Exchange Online or OneDrive for Business, so it’s critical…