Note-to-self: Just Enough Administration Whitepaper

Source: https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370

Short URL: http://aka.ms/JEA

From the introduction: ”

In the current world of Information Technology, protective measures do not stop at the network edge. Recent news reports based on security breach post-mortems indicate the need to protect assets using measures that reduce administrative access. While the principle of least privilege has always been known to IT Security professionals, there is a need in the industry for a standardized method of constructing an operator experience that reduces access with a more sophisticated level of granularity than what is available in many traditional access control models.

Just Enough Administration (JEA) is a solution designed to help protect Server systems. This is accomplished by allowing specific users to perform administrative tasks on servers without giving them administrator rights, and then auditing all actions that these users performed. JEA is based on Windows PowerShell constrained runspaces, a technology that is already being used to secure administrative tasks in environments such as Microsoft Exchange Online.”

For the latest information, please see http://blogs.msdn.com/powershell/ and http://aka.ms/buildingclouds

Don’t need to tell you that you should definitely save these in your favorites. (Well, just did it… so no excuses..)

Note-to-self: understand and manage the risk posed by targeted attacks by determined adversaries

Source:

Bookmark this:

Microsoft has released a series of whitepapers that are designed to help organizations understand and manage the risk posed by targeted attacks by determined adversaries.  These papers include:

In addition, they have published a short series of videos that introduce many of the topics covered in these papers.

Full details at: http://blogs.microsoft.com/cybertrust/2013/06/13/targeted-attacks-video-series/

The shortcut below:

Introduction to Determined Adversaries and Targeted Attacks:

Mitigating Pass-the-Hash Attacks:

Anatomy of a Cyber-attack Part 1:

Anatomy of a Cyber-attack Part 2:

Importance of Securing Active Directory:

#AADSync v1.0.0470.1023 released, with new features

Few days ago Microsoft launched a new release of the Azure AD Sync tool.

As mentioned in the AAD Sync Version Release History, this build adds the following features:

  • Password synchronization from multiple on-premise AD to AAD
  • Localized installation UI to all Windows Server languages

Get an overview and comparison for Directory Integration with Azure AD here .

  1. Azure Active Directory Synchronization Tool (DirSync)
  2. Azure Active Directory Synchronization Services (AAD Sync)
  3. Forefront Identity Manager 2010 R2

The download location for AADSync (http://aka.ms/AADSyncDownload) has not changed, but has been updated with the new version.

Overview:

Note-to-Self: Microsoft Security Newsletter September 2014

Source: http://aka.ms/MSSecuritynewsletter

In this months newletter you’ll find guidance on:

  • Windows Phone 8.1 Security Overview
  • Windows Phone Security Forum for IT Pros
  • Create Stronger Passwords and Protect Them
    • Inlcuding  free online tool offered by Microsoft Research, called Telepathwords, for those that would rather have a randomly generated strong password created for them.
  • Two-Factor Authentication for Office 365
  • Multi-Factor Authentication for Office 365
  • Configuring Two-Factor Authentication in Lync Server 2013
  • Adding Multi-Factor Authentication to Azure Active Directory
  • Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
  • Building Multi-Factor Authentication into Custom Apps

And:

  • Get Started with Virtual Smart Cards

Plus much more… check it out at http://aka.ms/MSSecuritynewsletter

Azure Active Directory Sync is now GA! #FIM2010 #DirSync #AADSync

Source: http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

New Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.

Here are more details about this – and here is the related documentation.

If you just want to get started, just click here to download AAD Sync.

As discussed on the release blog post:

“AAD Sync capabilities in this release include the following;

  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises.”

Access control on Azure Cloud applications

(note-to-self)

A few weeks ago Paul Paul Loonen presented a TechNet Live Meeting in Belgium on how to extend your Enterprise Identity to the Cloud,  focussing on what Microsoft has to offer. Topics include Active Directory, Windows Azure ACS and Forefront Identity Manager 2010.

Also followed an interesting session on Azure ACS (access control services) by Vittorio Bertocci.

Looking around for ACS, there is quite some interesting stuff out there.

Things you must check out:

And also:

  More to follow… (still collecting)…