Security

6 Tips to Harden Your Windows LAPS Deployment

In a previous blog post, we covered how to migrate to Windows Local Administrator Password Solution (LAPS). With Windows LAPS deployments gaining traction, it’s important to review configuration items and implement policies that can harden your endpoints and mitigate attacks from bad actors. Secret encryption, secret history, access control list (ACL) monitoring, and more play

6 Tips to Harden Your Windows LAPS Deployment Read More »

Securing On-Premises Access Is Easier Than You Think: Utilizing the Entra Application Proxy

In a previous blog post , we discussed taking advantage of Entra (formerly Azure Active Directory) Application Proxies to allow access to on-premises applications without a dependency on traditional tools such as a VPN. That blog includes a few great points that should be highlighted again. For example, in most organizations an Entra Application Proxy:

Securing On-Premises Access Is Easier Than You Think: Utilizing the Entra Application Proxy Read More »

Win32 App Deployment with Intune Supersedence Rules

There are several ways to deploy applications to users or devices that are managed by Microsoft Intune. In addition to application types, you must also take into consideration the method of assignment and how it will affect you long term from a management and maintenance standpoint. Deploying an application installer via Intune is usually accomplished

Win32 App Deployment with Intune Supersedence Rules Read More »

Manage Entra Groups with the Graph API

In my previous blog [Win32 App Deployment with Intune Supersedence Rules] I explained how to update Win32 applications deployed within Microsoft Intune by using the supersedence feature. Although the process is typically straightforward and simple, the requirement of keeping a security group populated with all user or device objects can make the task time-consuming. This

Manage Entra Groups with the Graph API Read More »

Active Directory Forest Recovery: Plan to Eliminate Downtime

Microsoft Active Directory (AD) is still the predominant identity and management platform for tens of thousands of organizations worldwide. Larger organizations with hundreds to even thousands of applications continue to rely on AD, even as they transition to a cloud-first or AD-minimized environment. The reason? Unraveling all the AD-related technology and applications an organization has

Active Directory Forest Recovery: Plan to Eliminate Downtime Read More »

How to Connect to Microsoft Exchange Online PowerShell with Certificate Authentication in Azure Functions

In a previous blog series, I discussed how to use certificate authentication for PowerShell scripts running in a standard Windows environment. (See “Authentication Options for Automated Azure PowerShell Scripts, Part 1: Service Account vs. App Registration,” as well as Part 2 and Part 3.) In this blog, I discuss remediating basic authentication in a different

How to Connect to Microsoft Exchange Online PowerShell with Certificate Authentication in Azure Functions Read More »

Get Started With LDAP Security

You may recall that in March 2020 Microsoft was planning to configure a couple of Lightweight Directory Access Protocol (LDAP) security settings on behalf of its customers. The company ended up not pulling the trigger, even though vulnerabilities still exist with the default implementation of LDAP. These security holes allow man-in-the-middle (MITM) attacks and replay

Get Started With LDAP Security Read More »

How to Use CA Enrollment Agent to Securely Modify Certificate Requests

Web application owners need to generate and submit certificate requests to secure traffic to their websites. Application owners often use IIS to generate or renew these requests. Occasionally, the original request will need to be altered by the Certificate Authority (CA) administrator before submitting the request to the issuing CA. Quite often, Subject Alternative Names

How to Use CA Enrollment Agent to Securely Modify Certificate Requests Read More »