In a previous blog post, we discussed taking advantage of Entra (formerly Azure Active Directory) Application Proxies to allow access to on-premises applications without a dependency on traditional tools such as a VPN. That blog includes a few great points that should be highlighted again. For example, in most organizations an Entra Application Proxy: Sounds …
There are several ways to deploy applications to users or devices that are managed by Microsoft Intune. In addition to application types, you must also take into consideration the method of assignment and how it will affect you long term from a management and maintenance standpoint. Deploying an application installer via Intune is usually accomplished …
Win32 App Deployment with Intune Supersedence Rules Read More »
In my previous blog [Win32 App Deployment with Intune Supersedence Rules] I explained how to update Win32 applications deployed within Microsoft Intune by using the supersedence feature. Although the process is typically straightforward and simple, the requirement of keeping a security group populated with all user or device objects can make the task time-consuming. This …
Active Directory (AD) is still the predominant identity and management platform for tens of thousands of organizations worldwide. Larger organizations with hundreds to even thousands of applications continue to rely on AD, even as they transition to a cloud-first or AD-minimized environment. The reason? Unraveling all the AD-related technology and applications an organization has invested …
Active Directory Forest Recovery: Plan to Eliminate Downtime Read More »
In a previous blog series, I discussed how to use certificate authentication for PowerShell scripts running in a standard Windows environment. (See “Authentication Options for Automated Azure PowerShell Scripts, Part 1: Service Account vs. App Registration,” as well as Part 2 and Part 3.) In this blog, I discuss remediating basic authentication in a different …
You may recall that in March 2020 Microsoft was planning to configure a couple of Lightweight Directory Access Protocol (LDAP) security settings on behalf of its customers. The company ended up not pulling the trigger, even though vulnerabilities still exist with the default implementation of LDAP. These security holes allow man-in-the-middle (MITM) attacks and replay …
Web application owners need to generate and submit certificate requests to secure traffic to their websites. Application owners often use IIS to generate or renew these requests. Occasionally, the original request will need to be altered by the Certificate Authority (CA) administrator before submitting the request to the issuing CA. Quite often, Subject Alternative Names …
How to Use CA Enrollment Agent to Securely Modify Certificate Requests Read More »
In this blog, I’ll show you how to configure a service provider-initiated SAML application to integrate with Azure AD B2C.
Remediating LDAP security issues is important because the default configurations on domain controllers (DCs) and clients are open to various attacks. Learn how to remediate those issues.
Applications that use Lightweight Directory Access Protocol (LDAP) are prevalent in virtually every organization that uses Active Directory (AD). Unfortunately, the default AD configuration provides opportunities for insecure LDAP connections. These defaults have come into focus because of common, widely available AD attack tools such as NTLMRelayX. (For more information about NTLMRelayX, see How to …
Ravenswood Technology Group is based in Chicago, IL but with customers around the world. We help companies, universities, and other organizations with less than 100 employees to over 500,000 build secure, hybrid infrastructure that enable their users to work from anywhere.
[Recent Blog Posts]
[Expertise]
© Ravenswood Technology Group, LLC
