Monitoring Active Directory is a vital task to detect issues before they impact users. Some older protocols are known to be insecure, so let's identify them so we can rectify them.
Graylog central logging
I have heard a lot of good things about Graylog for central logging within an AD environment. Decided to deploy and see what’s what. The dashboards/alerts are still to come but the core is there.
Fine Grained Password Policies
Fine Grained Password Policies are invaluable for creating multiple password policies that you can apply to groups of users, for example service accounts.
Brand new forest, PingCastle
PingCastle is an audit tool that helps you build a prioritised list of issues that need addressing in Active Directory. See how I’ve used it in a ‘box fresh’ domain.
Passwords are toast
Improve your user experience and security by going Passwordless in Azure AD.
AD Forests, Domains, Trees
Have you heard about AD Forests, Domains, Trees? What are they? How do you use them?
Automatic User Provisioning
Automatic Provisioning of users. More importantly, deprovisioning the users. Automate yourself out of a job.
Remove Unconstrained Kerberos Delegation
Finding Unconstrained Delegation, finding delegation use and looking to remove it.
AAD Entitlement Management
AAD Entitlement Management is a fantastic feature for managing external access to your resources. This post will run through the aspects and give you things to think about.
Azure AD Authentication
ADFS is dead! Long Live Azure AD! So, you might have read the High Level Design Notes and spotted that I would deploy Active Directory Federated Services (ADFS) as part of what would be my gold standard deployment. However since starting…