Disclaimer: The opinions expressed on this blog are personal opinions and do not express the opinion of my employer, Microsoft, Winsec or any other party.

Note-to-self: Identity manager resources at the TechNet Evaluation Center

Mon 3 Aug 2015

Source: http://aka.ms/IdentityManagerEval aka http://www.microsoft.com/en-us/evalcenter/search?k=identity%20manager&p=&a=&s=&r=&so=

Head over to the TechNet Evaluation Center to find some interesting resources on Identity Manager…


Note-to-self: MVA course – Getting Started with Azure Security for the IT Professional

Thu 23 Jul 2015

Source: https://www.microsoftvirtualacademy.com/en-US/training-courses/getting-started-with-azure-security-for-the-it-professional-11165

From the course description:

“Course information

Earning Trust in the Microsoft Cloud

Join Scott Edwards and Rick Claus for a look at the Microsoft commitment to earn customer and partner trust in its Cloud Services, with a focus on privacy controls, compliance, and certification.

Inside a Microsoft Datacenter

Have you ever wondered what “cloud scale” looks like? Take a virtual tour of a datacenter (designed, built, and operated by Microsoft), and learn about defense in depth, access, and cloud security.

Architecting Secure Compute Solutions on Azure

Explore ways to design solutions that will be secure and well architected for availability within your Azure subscription. Learn about security boundary implementation and ways to minimize downtime.

Virtual Appliances and Security

This session covers various elements of the network virtualization stack with emphasis on virtual networks, network security, and user defined routing.

Understanding Virtual Appliances

You will learn how to deploy virtual appliances in Azure Virtual Network. The key focus is on security appliances (firewall, gateway), ADC (application delivery controller), and WAN optimization.

Extend Your Network to the Microsoft Cloud

Learn about how Microsoft Azure ExpressRoute enables you to extend your network to Microsoft and enable Hybrid Scenarios for your Enterprise.

How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

With the new Azure Key Vault service, customers of cloud applications can manage their keys and secrets consistently across their cloud applications. This is part 1 covering background and theory.

Demos: How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

Managing cryptographic keys and secrets is an essential part of safeguarding data in the cloud. This is part TWO covering all the demos of the Azure Key Vault service.

Disk Encryption with Key Vault

Disk Encryption has been something that our customers have been asking about since Azure IaaS has been available. Learn what options are available to your Azure IaaS VMs now with Azure KeyVault.

Antivirus Options in Azure

AntiVirus extensions are available in Azure and can be included in your Virtual Machine images. Learn what options are available and how to leverage them in your solutions.

Encryption for SQL Server on Azure Virtual Machines

This talk will cover how customers can use the SQL Server Connector to use Azure Key Vault as an Extensible Key Manager in implementing SQL Server encryption on Azure Virtual Machines.

Azure SQL Database Security

This talk will cover 2 new security features for Azure SQL DB, Transparent Data Encryption and Azure Active Directory integrated authentication.”

Note-to-self: update to #FIM2010 lifecycle support (mainstream support now ends 2017-10-10)

Fri 10 Jul 2015

The FIM support lifecycle page has been updated: FIM 2010 mainstream support now ends on 10 Oct 2017 (extended support on 11 Oct 2022).

Source: https://support.microsoft.com/en-za/lifecycle/search?sort=PN&alpha=Microsoft%20Forefront%20Identity%20Manager&Filter=FilterNO

Lifecycle table (columns on the source page: Products Released, Lifecycle Start Date, Mainstream Support End Date, Extended Support End Date, Service Pack Support End Date, Notes):

Microsoft Forefront Identity Manager 2010
  Lifecycle start date: 2010-05-27
  Mainstream support end date: 2017-10-10
  Extended support end date: 2022-10-11
  Service pack support end date: (none listed)
  Notes: Mainstream and Extended support for Microsoft Forefront Identity Manager 2010 is extended as shown in order to provide all customers with the standard lifecycle transition timeline.

Microsoft Forefront Identity Manager 2010 R2
  Lifecycle start date: 2012-07-24
  Mainstream support end date: 2017-10-10
  Extended support end date: 2022-10-11
  Service pack support end date: 2014-04-08
  Notes: Mainstream and Extended support for Microsoft Forefront Identity Manager 2010 is extended as shown in order to provide all customers with the standard lifecycle transition timeline.

Microsoft Forefront Identity Manager 2010 R2 Service Pack 1
  Lifecycle start date: 2013-01-15
  Support end dates: Review Note (see Notes)
  Notes: Support ends 12 months after the next service pack releases or at the end of the product’s support lifecycle, whichever comes first. For more information, please see the service pack policy at http://support.microsoft.com/lifecycle/#ServicePackSupport.

Note-to-self: a new build of the #MIM2016 CTP on Microsoft Connect (Milestone CTP4, 4.3.1935.0)

Mon 6 Jul 2015

In the previous update, in April, the FIM/MIM product group posted MIM beta build 4.3.1790.0.
Yesterday the MIM product group posted new build install files (4.3.1935.0) on Connect.

You’ll notice this drop contains only the install files; the evaluation VMs are no longer included…

Release date, RTM, GA getting close?

Note-to-self: Insider Threat report from Infosecbuddy

Mon 6 Jul 2015

Source: http://www.infosecbuddy.com/thank-you-here-is-your-insider-threat-report/

(No, you don’t need to leave your precious dummy contact details…)

From the report:

“Highly publicized insider data theft, such as the recent Morgan Stanley breach or Edward Snowden incident, highlight the increasing need for better security practices and solutions to reduce the risks posed by insider threats.

This report is the result of comprehensive crowd-based research in cooperation with the 260,000+ member Information Security Community on LinkedIn and Crowd Research Partners to gain more insight into the state of insider threats and solutions to prevent them.”

A hotfix rollup package (build 4.1.3646.0) is available for #FIM2010 R2 SP1

Thu 25 Jun 2015

Source: https://support.microsoft.com/en-us/kb/3054196

Microsoft has released an update that fixes a number of issues.
Some of them are listed below…

FIM Service

When you update the criteria of a group or set, you receive a SQL error if negative conditions exceed 7 in the filter when you click View members. After you apply this update, the View Members button works as expected.

FIM Portal

  • In the FIM Credential Provider Extension for Self-Service Password Reset (SSPR), you cannot answer by using double-byte characters through the Windows Input Method Editor (IME) in the “Question and Answer” gate.
  • In the FIM Password Registration Portal, auto-focus on the first text box can cause the first registration question to be hidden from view.
  • On the FIM Password Registration and Password Reset websites, autocomplete was not disabled for the logon forms.
  • The Object Picker control in the FIM Identity Management Portal returns invalid results if there are special characters in the search string.

Fixed: The revocation settings in a profile template can only be configured for all certificates together and not for each certificate separately.

FIM Sync

  • The management agent for Active Directory receives a “Replication Access Denied” error when you run a Delta Import run profile step on domains that contain a read-only domain controller (RODC).

BHOLD

  • When you create a delta-attestation campaign in BHOLD Analytics, an error message is displayed regardless of whether the campaign was created.
  • In BHOLD Attestation, user interface elements may not be available with new versions of Internet Explorer.

Happy fixing!
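As an added example (not part of the original post or of the KB article), here is a PowerShell check that reports whether the FIM Service and FIM Synchronization Service binaries on a server are at or above hotfix rollup build 4.1.3646.0. The default installation paths, and the assumption that the rollup build number equals the file version of those binaries, are mine; adjust the paths if FIM was installed elsewhere and run it elevated on every FIM server in the environment.

```powershell
# Added example, not code from the original post or the KB article.
# Reports whether each FIM 2010 R2 SP1 component on this server is at or above
# the hotfix rollup build 4.1.3646.0, by reading the file version of its service binary.
# ASSUMPTIONS: default install paths below; build number == file version of the binary.

$Required = [version] "4.1.3646.0"

# Component name -> service binary (assumed default paths; edit for your install)
$Components = @{
    "FIM Service"         = "C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe"
    "FIM Synchronization" = "C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe"
}

foreach ($name in $Components.Keys) {
    $path = $Components[$name]

    if (-not (Test-Path -Path $path)) {
        # Not every FIM role is installed on every server; skip rather than fail.
        Write-Host ("{0,-20} not installed on this server ({1})" -f $name, $path)
        continue
    }

    # Build a System.Version from the numeric parts so trailing text in
    # FileVersion strings cannot break the comparison.
    $vi = (Get-Item -Path $path).VersionInfo
    $installed = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

    $status = if ($installed -ge $Required) { "OK" } else { "NEEDS UPDATE (rollup 4.1.3646.0)" }
    Write-Host ("{0,-20} {1,-12} {2}" -f $name, $installed, $status)
}
```

Run it on each server before and after applying the rollup; a component that still reports a lower version after installation usually means the package targeted a different install or the service was not restarted.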

Categories: Security

Note-to-self: By default #FIM2010 Localized information is not migrated using Export-FIMConfig

Wed 17 Jun 2015

Many of us use the Export-FIMConfig PowerShell cmdlet to export, extract, migrate or document FIM Service and Portal configurations.

If someone complains that the localized content is not exported or migrated, I send over the links below.



Many international FIM customers have localized and/or customized content that does not get exported with the default export functionality.
This is explained in Appendix C: “Localized information not migrated by default”:

“By default, the Windows PowerShell scripts that are included in this guide do not migrate localized information. To include localized display names, edit the ExportPolicy.ps1 and the SyncPolicy.ps1 so that the Export-FIMConfig cmdlet includes the –AllLocales option. This option instructs the cmdlet to download all localized information. However, its presence slows down the scripts.”

Another parameter to pay attention to is the -MessageSize parameter.

As explained at “Windows PowerShell Examples for Configuring FIM“:

” If a FIM 2010 R2 resource is too large to fit within a single Simple Object Access Protocol (SOAP) message, it may be necessary to increase the message size. This regularly happens when you export Set resources with thousands of explicit members. Often, administrators pick an arbitrarily large message size such as 999,999.”

Keep in mind that exporting the localized information and using a large message size will significantly impact your export performance, so use both deliberately rather than as defaults.
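To show both options together, here is an added PowerShell example; it is not code from the original post or from the Microsoft configuration-migration scripts. It exports the policy and portal configuration with -AllLocales and a raised -MessageSize, times the run so you can see the performance cost, writes the result to XML with ConvertFrom-FIMResource, and summarizes the exported object types. The service URI, output folder and the 9999999 message size are assumptions; adjust them for your environment.

```powershell
# Added example (not from the original post or the Microsoft migration scripts).
# Exports FIM Service policy + portal configuration INCLUDING localized display names,
# with an enlarged SOAP message size, and reports how long it took.
# ASSUMPTIONS: FIMAutomation snap-in installed, FIM Service reachable at $Uri,
# output folder $OutDir is writable. Message size value is an arbitrary large number.

param(
    [string] $Uri         = "http://localhost:5725/ResourceManagementService",
    [string] $OutDir      = "C:\FIMExport",
    [int]    $MessageSize = 9999999   # raise if a Set with thousands of explicit members overflows a SOAP message
)

if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# -PolicyConfig: Sets, MPRs, Workflows, Email Templates, ...
# -PortalConfig: RCDCs, navigation bars, home page resources, ...
# -AllLocales:   also download the localized display names (skipped by default)
$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
$exported = Export-FIMConfig -Uri $Uri -PolicyConfig -PortalConfig -AllLocales -MessageSize $MessageSize
$stopwatch.Stop()

Write-Host ("Exported {0} objects with -AllLocales in {1:N1} seconds" -f $exported.Count, $stopwatch.Elapsed.TotalSeconds)

# Persist the export for migration or documentation.
$outFile = Join-Path $OutDir "policy_portal_alllocales.xml"
$exported | ConvertFrom-FIMResource -File $outFile
Write-Host "Written to $outFile"

# Summary by object type, so you can confirm the expected resources were included.
$exported |
    ForEach-Object { $_.ResourceManagementObject.ObjectType } |
    Group-Object |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize
```

Run the same script once without -AllLocales and compare the elapsed time and the resulting file size; the difference is the cost the appendix warns about, and it tells you whether the localized export belongs in your routine documentation job or only in the actual migration run.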


Some additional references to bookmark:

And interesting to read:

