Disclaimer: The opinions expressed on this blog are personal opinions and do not express the opinion of my employer, Microsoft, Winsec or any other party.

Reviewed for you: The latest #FIM2010 learning on your media player, video course by Kent Nordström

Wed 8 Oct 2014

Quite a while ago I had the privilege of reviewing the draft of the latest publication on Enterprise Identity Management with Microsoft Forefront Identity Manager 2010 (R2). It was published during my vacation, so I needed to find some time to visit the final version.
And, it’s not a book, but a video.


For the newest generation of FIM experts, this is another interesting means of learning FIM.
(Oh, it’s old-fashioned to use a plain old paper book, right?)

As quoted on the Packt website: “If you are implementing and managing FIM 2010 R2 in your business, then this video course is for you. You will need to have a basic understanding of Microsoft-based infrastructure using Active Directory. If you are new to Forefront Identity Management, the case-study approach of this video course will help you understand the concepts and implement them quickly and efficiently. Even if you’re well-versed with the technology, this is a great guide to strengthen your knowledge.”

The interesting part of the video is that you can watch it online, or download it.
“Start to run” is soooo 2007, now it’s “Start to FIM”!

It’s a 2 hour and 35 minute pack of 36 videos.
A lot of stuff, but you won’t regret it.

Hey, sometimes it’s a nice feeling of control as you can simply make Kent shut up (don’t try that live).
Let me give you a quick peek at the table of contents:

  1. Installing FIM 2010 R2 on Windows Server 2012
    • Installing SharePoint Foundation 2013 on Windows Server 2012
    • Configuring Service Accounts for FIM 2010 R2
    • Configuring SQL Aliases for FIM 2010 R2
    • Installing the FIM 2010 R2 Synchronization Service
    • Installing the FIM 2010 R2 Service and Portal
  2. Basic Configuration of FIM Synchronization and FIM Service
    • Configuring the FIM Service Management Agent
    • Setting Up the Active Directory Management Agent
    • Configuring Run Profiles and Schedules
    • Schema Management in FIM 2010 R2
    • Importing Existing Users from Active Directory
  3. User Management
    • Importing Users from HR
    • Provisioning Users to Active Directory
    • Managing the userAccountControl Attribute in AD
    • Exchange Management Using Built-in FIM Functionality
    • Deleting Users in Active Directory
  4. Group Management
    • Understanding Group Types and Scopes
    • Importing Groups from HR
    • Provisioning Groups to Active Directory
    • Using FIM Portal to Manage Groups
    • Managing Distribution Lists Using the Outlook Add-in
  5. Configuring FIM for Self-service
    • Allowing Users to Access the FIM Portal
    • Configuring Self-service Password Reset
    • Allowing Users to Manage Selected Attributes of Their Account
    • Allowing Helpdesk to Manage Users Using the FIM Portal
  6. Customizing FIM
    • Changing the FIM Portal Look and Feel
    • Adding Custom Workflow Activities
    • Using Classic Rules Extensions
    • Using a PowerShell Management Agent to Manage Lync
  7. Reporting
    • Installing FIM Reporting
    • Running the Initial Data Load
    • Viewing Reports
    • Allowing Managers to Access Reports from FIM Portal
  8. Issuing Smart Cards Using FIM CM
    • Installing FIM CM
    • Configuring FIM CM
    • Configuring CA for FIM CM Usage
    • Allowing a Manager to Issue Certificates for Consultants

I must admit I’ve enjoyed the different videos, Kent is doing an extremely good job!
Speaking from experience, I know it’s not an easy job to keep a steady, controlled pace.

Still, I think there is room for improvement, as I’m missing a session transcript and an overview of the external references (overview of all websites, scripts, … on the net), and a hand-out of the entire session would make the course perfect.

Anyway this is another piece of reference material you should add to your FIM reference package.

If you need to catch up on the published FIM material, bookmark these:

Need some more start material: http://aka.ms/StartToFIM

Categories: Security

Note-to-Self: Microsoft Security Newsletter September 2014

Fri 26 Sep 2014

Source: http://aka.ms/MSSecuritynewsletter

In this month’s newsletter you’ll find guidance on:

  • Windows Phone 8.1 Security Overview
  • Windows Phone Security Forum for IT Pros
  • Create Stronger Passwords and Protect Them
    • Including a free online tool offered by Microsoft Research, called Telepathwords, for those that would rather have a randomly generated strong password created for them.
  • Two-Factor Authentication for Office 365
  • Multi-Factor Authentication for Office 365
  • Configuring Two-Factor Authentication in Lync Server 2013
  • Adding Multi-Factor Authentication to Azure Active Directory
  • Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
  • Building Multi-Factor Authentication into Custom Apps


  • Get Started with Virtual Smart Cards

Plus much more… check it out at http://aka.ms/MSSecuritynewsletter

Azure Active Directory Sync is now GA! #FIM2010 #DirSync #AADSync

Tue 16 Sep 2014

Source: http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

New Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.

Here are more details about this – and here is the related documentation.

If you just want to get started, just click here to download AAD Sync.

As discussed on the release blog post:

“AAD Sync capabilities in this release include the following;

  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises.”

SCM Baselines for Windows 8.1, IE 11 and Windows Server 2012 R2 are now live!

Thu 4 Sep 2014

Source: TechNet Blogs » Microsoft Security Guidance » SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!

Today the SCM team has finally released the SCM baselines for Windows 8.1, IE 11 and Windows Server 2012 R2.

To get the updates you can open the SCM tool and select the “Download Microsoft baselines automatically” in the tool:


Please carefully read the Release Notes for these baselines in the Attachments/Guides section as there are a couple of known issues that may affect capabilities that worked in the past, but are no longer working with SCM and other related tools.

Alternatively, you can download all the CAB files directly from the following links:

8.1 Baseline and 8.1 Attachments

IE 11 Baseline and IE 11 Attachments

Windows Server 2012 Baseline and Windows Server 2012 Attachments

Lastly, a HUGE thank you goes to the SCM team, Aaron Margosis and Rick Munck, who have put huge effort into releasing these baselines.

They have also produced the SCM materials, along with a more extensive set of GPOs and a security guide, here for customers to use: http://blogs.msdn.com/b/aaron_margosis/archive/2014/08/15/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final.aspx.

See also:

  • SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  • What’s New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11
  • Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta
  • Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Hotfix rollup package (build 4.1.3599.0) is available for #FIM2010 R2 SP1

Wed 3 Sep 2014

A hotfix rollup package (build 4.1.3599.0) is available for Microsoft Forefront Identity Manager (FIM) 2010 R2 Service Pack 1 (SP1). This hotfix rollup resolves some issues and adds some features that are described in the “More Information” section.

Details at: http://support.microsoft.com/kb/2980295/nl

For a complete list of the hotfixes for FIM 2010 (incl. R2…), go to http://aka.ms/FIMBuilds



Categories: FIM, Hotfix, Microsoft

Note-to-self: Microsoft announced the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Thu 14 Aug 2014

Source: http://blogs.technet.com/b/secguide/archive/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final.aspx

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.

There are a few changes between these recommendations and the beta version we released in April. They discuss those changes in more detail in two other blog posts: one about most of the changes, and another detailed post about the issues around account lockout recommendations.

AAD Sync Beta 3 is now available for download through MS connect #FIM2010

Tue 12 Aug 2014

The Azure Active Directory Synchronization services team has announced that the AAD Sync Beta 3 is now available for download through the Identity and Access Management program on Microsoft Connect.

You’ll find the download at https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=54059

In this release they made a lot of investments in our Hybrid Exchange and Multi-forest configurations and added the experience for multi-forest password write-back.

Make sure to read the documentation at http://go.microsoft.com/fwlink/?LinkID=393942 before installing the product and visit it again for updates.

Provide feedback using “Feedback” on Connect. This will get you direct access to the PG and support.

