Identity Threat Detection & Response
Categories
- Active Directory Backup & Recovery (61)
- Active Directory Security (204)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (64)
- Identity Attack Catalog (21)
- Identity Threat Detection & Response (136)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (16)
- Threat Research (63)
- Uncategorized (1)
Two New Microsoft Hybrid Services Dramatically Simplify Connecting your Active Directory to Azure
- Sean Deuby | Principal Technologist
Microsoft recently announced the public preview of two major new capabilities that will make integrating your on-premises Active Directory to Azure AD much, much easier. Passthrough authentication (PTA) and Seamless Single Sign-On (I'm choosing to call it 3SO) will allow your users to easily access Azure AD applications such as…
NIST joins Microsoft in Changing How We Should Think About Passwords
- Sean Deuby | Principal Technologist
On the heels of Microsoft's updated password recommendations, the National Institute for Standards and Technology (NIST) has come out with its own updated password guidelines. These recommendations parallel many of Microsoft's recommendations and thus give them extra credibility; in some areas they go further. When two major security industry influencers…
Understanding Azure AD Password (Hash) Sync
- Sean Deuby | Principal Technologist
Now that businesses are adopting cloud computing as part of their business model, a large percentage are choosing to connect their on-premises Active Directory environment to its counterpart in the cloud, Microsoft's Azure Active Directory. When you extend your on-premises AD to Azure AD, you have two choices for how…
Active Directory Corruption Comes In Two Flavors
- Sean Deuby | Principal Technologist
Active Directory is a very robust application, as it should be for such a fundamental building block of a company's IT infrastructure. But the architecture that makes it robust also makes it hard to understand. This lack of understanding often leads to assumptions in your recovery strategy that can leave…
When you should use Azure MFA and when you should use MFA Server
- Sean Deuby | Principal Technologist
One of the most common security-related trends I'm seeing with customers is an interest in adding multifactor authentication (MFA) to both their new and existing solutions. This trend is usually driven by a need to increase overall security, or to satisfy regulatory requirements. As a hybrid service, Azure MFA MFA…
Microsoft upends traditional password recommendations with significant new guidance
- Sean Deuby | Principal Technologist
Based on research gleaned from literally billions of login attempts to its Azure cloud service, Microsoft updates its password recommendations - and throws out several long-held industry best practices. Microsoft has recently published a white paper, "Microsoft Password Guidance" that explains their new password guidance, based on the massive amount…
SaaS Passwords Are Like Cockroaches
- Sean Deuby | Principal Technologist
And in the case of passwords, each one - especially each forgotten one - is a little security risk scurrying around in the shadows. You may think you have gotten rid of them (or at least reduced them to a manageable amount), but they still keep popping up. And as…
Thinking The Unthinkable: Do You Have An Active Directory Forest Recovery Plan?
- Sean Deuby | Principal Technologist
If you want to make an Active Directory administrator uncomfortable, ask them about their recovery plan. When you ask this question, many AD admins will instead tell you about their object recovery plan. Some will describe their domain controller recovery procedures. But if you press further to ask if they've…
