Test read rights for user-assigned managed identity on a Linux VM in Azure Gov

I recently came across an issue where a user-assigned managed identity on a VM was not able to read the properties of the resource group where the VM object it was assigned to resided. As our deployment relied on these permissions being set it would fail until the permissions were added. Normally, you could easily … Continue reading Test read rights for user-assigned managed identity on a Linux VM in Azure Gov

AKS: Enabling and using preview features such as nodepools using CLI

Most of the time we use the familiar Azure portal to consume Azure Resources. That is all well and good. However sometimes we find that having the Azure CLI to do this is more easier, as once we perfect the script we can just run it, instead of having to use the Portal. In this … Continue reading AKS: Enabling and using preview features such as nodepools using CLI

LAPS Security Concern : Computers joiners are able to see LAPS Password

Here we will discuss a common concern about LAPS as many customers noticed that people who join the computers to the domain can retrieve the LAPS password although they are not given the Permission to do so and because some organizations allow normal users to join their machines to the domain this consider a security … Continue reading LAPS Security Concern : Computers joiners are able to see LAPS Password

Active Directory Security Best Practices: Part 2

Hello Again , this our second blog about AD security best practices in our fist blog we talked about one of the most important security mitigation which is secured privileged accounts , you can find it in the following link , https://secureinfra.blog/2019/09/26/active-directory-security-best-practices-part-1/ here we will talk about our second mitigation : Slow Lateral Movement Lets … Continue reading Active Directory Security Best Practices: Part 2

Quick blog – Importing Updates into WSUS – CVE-2019-1367

a Question that was raised this week by quite a few customers is around importing updates into the SCCM environment, that are not available on WSUS, but are on Microsoft Update. The below steps will guide you through the steps to get the updates into the environment quickly As per the CVV article, there are … Continue reading Quick blog – Importing Updates into WSUS – CVE-2019-1367

Field Notes: Azure Active Directory Connect – Verifying Federated Login

I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization sign-in option is selected by default. This was followed by the custom installation path using pass-through authentication and a remote SQL installation. The latest post in the series covers federation with Active Directory Federation Services … Continue reading Field Notes: Azure Active Directory Connect – Verifying Federated Login