The Active Directory Tiered Admin Model is a way to organise AD users and groups with very clear boundaries between standard user accounts and their permission groups, server and application administrative accounts and groups, and domain wide access accounts and groups. Creating and enforcing these boundaries hinders privilege escallation from desktop/user level access to domain compromise. Here’s some automation to set it up.
Was your M365 tenant configured securely when it was deployed? Is it still configured securely now? Update on state of SaaS security posture management (SSPM) post from 2022. This time looking at community projects too.
Sign-in to Mimecast can either be “service provider initiated” (where you sign-in via mimecast’s web portal), or “idenity provider initiated” (where you sign-in via Entra myapps.microsoft.com portal). But why not both! This post shows how to enable both at once.
“Create a picture in the style of a pixar movie of a friendly badger, working in an office IT department, using encryption to secure Microsoft Active Directory” - bing chat
This post describes how to keep user passwords transmitted in LDAP authentication requests safe. Lightweight Directory Access Protocol (LDAP) is an open standard for directories. It underpins Microsoft Active Directory Domain Services (ADDS). Applications need to check in with a central directory to authenticate user sign-ins. Other authentication protocols oAuth,SAML,Kerberos, even NTLM are prefered but still, even today, you’ll need to accomodate self-hosted business applicaitons that only support LDAP for authenticaiton. In my experience these are often JAVA developed apps or apps hosted on Linux. This post has some PowerShell generate encryption certificates (private and public keys) to enable SSL encrypted LDAPS communication with domain controllers.
Here’s the technical specification for a Aioli also known as garlic mayo. Goes well with seafood or chicken. You make a garlic paste by drawing the back of a knife over chopped cloves. The raw garlic is punchy!.
Here’s the technical specification for a chocolate cake that’s popular in scandinavia. There’s no raising agent such as baking powder so, while it gets crispy on the outside, it stays gooey and sticky in the middle. It’s very quick to make and so tasty!
Here’s the technical specification for a tasty loaf of bread. A restaurant near me serves and sells this bread. It’s very quick to make and so tasty! The kefir/buttermilk is slightly acidic; this reacts with the bicarbonate of soda to release carbon dioxide which expands in the mixture to make the bread rise.
Hashicorp Terraform is a tool for managing infrastructure as code. You describe the desired state in versioned text files and the Terraform tool will drag your infrastructure into that state. Sometimes it feels like creating the code takes longer than just using the admin GUI to get something done. Sometimes it’s MUCH faster… This post describes adding 300 address ranges to a network security rule in just one line. How to create a terraform list from a text file.
Face recognition on Apple iPhones has long been a trusted and secure way to sign-in to business apps on corporate phones. With the right camera hardware, it’s been available in Windows too for quite a while. This post describes deploying Windows Hello for Business (WHfB) in a Hybrid AD Joined environment.
The Microsoft Volume Licensing Portal doesn’t seem to be available if you’re licenced via Cloud Solution Provider (CSP) program? I’m helping someone setup Microsoft Deployment Toolkit and couldn’t get a Windows 10 Enterprise edition ISO. Fortunately there’s another way…
