Semperis Blog

Insights From Thought Leaders Around The Globe

The digital identities of modern enterprises exist in a dynamic environment. Read thought leadership from experts worldwide on the constantly changing global IT environment, with insights for keeping up with growing demands and securing against escalating threats and vulnerabilities.

Microsoft upends traditional password recommendations with significant new guidance

Based on research gleaned from literally billions of login attempts to its Azure cloud service, Microsoft updates its password recommendations – and throws out several long-held industry best practices. Microsoft has recently published a white paper, “Microsoft Password Guidance,” that explains its new password guidance, based on the massive amount of data they’re collecting at …

Hidden Gems: The Azure Active Directory Whitepapers

It’s pretty well accepted now that the world is moving away from painstakingly planned, piloted, deployed, and maintained on-premises applications in local data centers. It’s moving to web services, hosted in the cloud (best definition: your stuff on someone else’s computer) whose new capabilities are rapidly deployed and refined via a DevOps mentality. Another artifact …

Azure AD Connect: the staging server

Microsoft continues to work on a sore spot in its hybrid identity strategy: the challenge of deploying its identity bridge between Active Directory Domain Services (AD DS) on premises and Azure Active Directory in the cloud. This bridge consists of AD FS for federation and a succession of utilities, culminating in Azure AD Connect, for …

Vulnerability in Kerberos Allows Elevation of Privilege

Microsoft recently released a security update (MS14-068) for Windows Server. The patched vulnerability is in the Windows Kerberos Key Distribution Center (KDC), which generates the session tickets for identities within Active Directory as they access the domain’s resources. When clients request access to a resource, they contact the ticket-granting service in the target resource domain, …