Field Notes: Azure Active Directory Connect – Domain, OU and Group Filtering

This is a continuation of a series on Azure AD Connect. The recently published blog post covers a quick introduction to the troubleshooting task available in Azure AD Connect. This post goes through options that are available in Azure AD Connect to apply filtering on objects that should be synchronized. I provide links to all …

Azure AD Best Practice: Using Azure AD Connect Standby for Redundancy and Failover

My big focus for Azure at Microsoft is in administration and identity. This includes a lot of heavy Azure AD work. I regularly help customers assess their Azure AD implementations and plans, which puts me in the unique position to hear about customer woes directly. One of the bigger pain points I hear from customers …

The new way to avoid exposing port 3389 in Azure – Bastion!

Microsoft has released the public preview for Azure Bastion, allowing an additional factor and separate subnet to be your protection from the hordes of hackers who scan the Internet every day looking for open port 3389 with easy passwords or a vulnerable patch level. And things are simpler for you as well - no more unnecessary PIPs …

Field Notes: Azure Active Directory Connect – Troubleshooting Task Overview

This is a continuation of a series on Azure AD Connect. Previous parts have mostly been focusing on the installation and configuring different user sign-in options for Azure AD. Links to these are provided in the summary section below. Now that we have covered the common setup options for Azure AD Connect, I would like …

Step by step MIM PAM setup and evaluation Guide – Part 3

This is the third part of the series. In the previous posts we have prepared a test environment for PAM deployment, created and configured all needed service accounts, installed SQL Server and prepared the PIM server for further installation. Now we have two forests – prod.contoso.com and priv.contoso.com. In PROD we have set up Certificate services, Exchange server, …

Step by step MIM PAM setup and evaluation Guide – Part 2

This is the second part of the series. In the previous post we have prepared a test environment for PAM deployment. Now we have two forests – prod.contoso.com and priv.contoso.com. In PROD we have set up Certificate services, Exchange server, ADFS services and configured two test applications – one is using Windows Integrated Authentication and the second …

Step by step MIM PAM setup and evaluation Guide – Part 1

Background: Privileged Access Management (PAM) is a relatively new feature of Microsoft Identity Manager 2016 and is becoming more and more popular. The intention of this blog series is to provide step-by-step instructions on how to deploy PAM the right way and how to evaluate its features. In this series I will use Azure VMs to simulate …