Monitoring Active Directory is a vital task to detect issues before they impact users. Some older protocols are known to be insecure, so lets identify them so we can rectify them.
I have heard a lot of good things about Graylog for central logging within an AD environment. Decided to deploy and see what’s what. The dashboards/alerts are still to come but the core is there.
Fine Grained Password Policies are invaluable for creating multiple password policies that you can apply to groups of users, for example service accounts.
PingCastle is an audit tool that helps you build a prioritised list of issues that need addressing in Active Directory. See how I’ve used it in a ‘box fresh’ domain.
Improve your user experience and security by going Passwordless in Azure AD.
Have you heard about AD Forests, Domains, Trees? What are they? How do you use them?
Automatic Provisioning of users. More importantly, deprovisioning the users. Automate yourself out of a job.
Finding Unconstrained Delegation, finding delegation use and looking to remove it.
AAD Entitlement Management is a fantastic feature for managing external access to your resources. This post will run through the aspects and give you things to think about.
ADFS is dead! Long Live Azure AD! So, you might have read the High Level Design Notes and spotted that I would deploy Active Directory Federated Services (ADFS) as part of what would by my gold standard deployment. However since starting…