Blog

Hiding Confidential Information in Active Directory, Part 1: Active Directory Confidentiality Bit 

Active Directory (AD) is widely adopted by many companies as the central identity and access management platform. It provides authentication and authorization services and includes many security features that can enforce access controls to applications and other services within the enterprise. However, sometimes the data you store within AD to support applications is sensitive and […]


Highly Available, Secure, and Convenient: Leveraging Azure Blob Storage for your PKI Needs, Part 1

For as long as public key infrastructure (PKI) has existed, it has relied on certificate revocation lists (CRLs) and authority information access (AIA). CRLs are a fundamental part of most PKIs that allow clients to be 100% sure a certificate has not been revoked. AIA is a certificate extension that provides information on how to


Three Reasons to Use Azure Automation to Run Your Scripts 

Azure Automation is a cloud-based service that can help you run scripts; configure, update, and manage operating systems; and manage your IT asset inventory. This blog post highlights three key advantages of using Azure Automation to schedule and run scripts. Native Cloud Capabilities Running PowerShell scripts in Azure Automation instead of on premises offers several


An Introduction to Protected Actions in Conditional Access

The Microsoft Azure portal includes a subset of permissions called protected actions, which can be used to manage Conditional Access (CA) policies and cross-tenant access settings. Protected actions are associated with an authentication context, which can be added to the scope of a CA policy. The relationship between the authentication context, protected actions, and CA


Windows 365 Boot and Switch: Building a Solid Foundation

In the ever-evolving landscape of digital workspace solutions, Windows 365 emerges as a cloud-based PC deployment solution tailored for organizations seeking enhanced security and centralized control. With the advent of Windows 365, two key features come into play: Windows 365 Boot and Windows 365 Switch. In this blog, we’ll explore what these two services offer,


6 Tips to Harden Your Windows LAPS Deployment

In a previous blog post, we covered how to migrate to Windows Local Administrator Password Solution (LAPS). With Windows LAPS deployments gaining traction, it’s important to review configuration items and implement policies that can harden your endpoints and mitigate attacks from bad actors. Secret encryption, secret history, access control list (ACL) monitoring, and more play


Use Privileged Access Workstations to Increase Security

All organizations use privileged accounts to manage their environments. In many cases, administration is performed from productivity workstations, which are vulnerable to a substantial number of attack vectors. A key component in securing privileged access is performing privileged administration from secure workstations, also known as privileged access workstations (PAWs). PAWs are purpose-built, hardened computers that


Active Directory: The End of the Road? Not Quite Yet!

Microsoft announced several enhancements to Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) that are included in the preview for the next version of Windows Server (Windows Server 2025). These enhancements provide additional security, scaling and performance, and supportability for AD DS/LDS. In this blog post, we’ll discuss some


Virtual Machine Generation ID with Active Directory Domain Controllers

Active Directory (AD) domain controllers (DCs) have been around since Windows 2000. At that time, virtualization was in its infancy and almost every server was physical. And many of those servers weren’t even housed in a typical datacenter or server closet. Virtualization started to take off in the early to mid-2000s. It enabled the use
