Semperis Blog
Insights From Thought Leaders Around The Globe
The digital identities of modern enterprises exist in a dynamic environment. Read thought leadership from experts worldwide regarding the constantly changing global IT environment and insights for keeping up with growing demands, and securing against escalating threats and vulnerabilities.
FEATURED CONTRIBUTOR OF THE MONTH
Your Active Directory was compromised, is it all lost?
Following a 10-year stint in virtualization technologies, I joined Semperis and dove into the world of Active Directory. Over the last three years, which included some of the most vicious malware attacks ever documented, I think I have finally come up to speed on this part of the IAM world. Here are a couple of conclusions I have come to. First, security attacks are not a matter of if, but rather when. If you want to dispute that, check your …
READ MORE >
October 2, 2018 |
Keeping directory sync in sync with security best practices With Azure AD Connect, synchronizing directory data from on-premises Active Directory to Azure AD is both easy and efficient. But is it possible to have too much of a good thing? Security best practices limit sharing to a strict need-to-know basis. However, Azure AD Connect synchronizes 151 attributes by default. You read that right: 151 attributes. So, if you perform the “Express Settings” installation of Azure AD Connect, Azure AD will include a total of 151 attributes (excluding attributes that are …
READ MORE
January 11, 2016
IdFix – discovery and remediation of Active Directory objects
As I help companies connect their on-premises Active Directory Domain Services (AD DS) to Azure AD in order to use Microsoft services like Office 365, I’ve found that a critical step is often overlooked. Skipping this step can potentially set your deployment back by weeks! Fortunately, Microsoft has provided a tool to help speed …
READ MORE
December 1, 2015
8 Situations That Put Your Active Directory At Risk
Active Directory Domain Services (AD DS) has grown to be a marvelously reliable, highly scalable, and fault tolerant core component of your company’s IT infrastructure. It generally works quite well without requiring a lot of attention. But the AD DS admin must put in extra work to take the service from a “working well on a day …
READ MORE
October 20, 2015
Azure AD Connect: the staging server
Microsoft continues to work on a sore spot in its hybrid identity strategy: The challenge of deploying its identity bridge between Active Directory Domain Services (AD DS) on premises and Azure Active Directory in the cloud. This bridge consists of AD FS for federation and a succession of utilities, culminating in Azure AD Conne …
READ MORE
September 20, 2015
Why On-Premises Active Directory Still Matters in a Cloud-Connected World
With all the talk about stampeding to the cloud, I get asked fairly regularly if I think Active Directory will be going away. No, AD isn’t becoming obsolete; it’s evolving. And as it evolves, I’d argue that it matters more than ever. Within Microsoft ISSD (Identity and Security Services Division), the folks that bring you all th …
READ MORE
August 30, 2015
Thinking The Unthinkable: Do You Have An Active Directory Forest Recovery Plan?
If you want to make an Active Directory administrator uncomfortable, ask them about their recovery plan. When you ask this question, many AD admins will instead tell you about their object recovery plan. Some will describe their domain controller recovery procedures. But if you press further to ask if they’ve built a plan to dea …
READ MORE
November 19, 2014
Vulnerability in Kerberos Allows Elevation of Privilege
Recently, Microsoft has released a security update (MS14-068) for Windows Server. The patched vulnerability is in the Windows Kerberos Key Distribution Center (KDC), which generates the session tickets to identities within Active Directory while accessing the Domain’s resources. When clients request access to a resource, they co …
READ MOREFeatured WhitePaper
Picking the right type of solution for active directory backup
The infrastructure extension to the cloud has created new challenges for AD administrators to navigate.
DOWNLOAD WHITEPAPER >
Latest Tweets
Subscribe Our Newsletter
