Azure AD Best Practice: Requiring users to periodically re-confirm their...
Disabling the authentication methods re-confirmation prevents users from updating potentially outdated information such as email or phone number and can decrease the effectiveness of Self-service...
System Center Configuration Manager – “Error Deploying Windows 10 In Place...
The Issue: Trying to do an In Place Windows 10 Upgrade with McAfee DLP Endpoint fails. As soon as the Operating System is applied the machine restarts and simply starts up to the “Repair” screen. The...
Active Directory security Best Practices : Part 1
As Active Directory is identified as one of the most business-critical applications, where any outage can cause downtime of users and services, it needs special care and high attention in terms of...
Deploy Azure Kubernetes Service (AKS) to a preexisting VNET
I recently ran into an issue where I needed to deploy AKS in an environment with a limited number of available IP addresses. If you’ve ever deployed AKS before, you might have noticed that using the...
Quick blog – Importing Updates into WSUS – CVE-2019-1367
A question that was raised this week by quite a few customers is around importing updates into the SCCM environment that are not available on WSUS but are on Microsoft Update. The below steps will...
Active Directory Security Best Practices: Part 2
Hello again, this is our second blog about AD security best practices. In our first blog we talked about one of the most important security mitigations, which is securing privileged accounts; you can find it...
The new way to avoid exposing port 3389 in Azure – Bastion!
Microsoft has released the public preview for Azure Bastion, allowing an additional factor and separate subnet to be your protection from the hordes of hackers who scan the Internet every day looking...
Azure AD Best Practice: When to Consider Using a Full SQL Server Instance for...
By default, Azure AD Connect installs with SQL Express. More specifically, the default is a SQL Server 2012 Express LocalDB (a light version of SQL Server Express). If you need to manage a higher...
LAPS Security Concern: Computers joiners are able to see LAPS Password
Here we will discuss a common concern about LAPS, as many customers noticed that people who join the computers to the domain can retrieve the LAPS password although they are not given the permission to...
Azure AD Best Practice: Using Azure AD Connect Standby for Redundancy and...
My big focus for Azure at Microsoft is in administration and identity. This includes a lot of heavy Azure AD work. I regularly help customers assess their Azure AD implementations and plans, which puts...
System Center Service Manager: Working with FIPS and Report Server
When you browse the Report Manager URL, you get an HTTP 500 error or a blank page (in case you have disabled friendly HTTP messages) in the browser window. When you check the Reporting Services log...
AGPM: The case of the missing GPT.ini file – a possible workaround
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, amongst other technologies, including Advanced Group Policy Manager...
AD: Discover what you’ve got
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. I wrote a really basic script that will scour your domain and return...
Tip: Capturing Devices to Manage in Intune Using Azure AD Connect
Working with customers who are starting their migration for identity and administration from on-premises to Azure, I see a couple options in the installation and configuration of Azure AD Connect that...
AD: Domain controllers – discover what you’ve got
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to...
SCOM 2019 Agent Installation Error
While providing support at a customer, I encountered a strange issue with the SCOM agent installations as shown below: Upon investigation the findings were as follows: The usual workaround is to...
AKS: Enabling and using preview features such as nodepools using CLI
Most of the time we use the familiar Azure portal to consume Azure Resources. That is all well and good. However, sometimes we find that having the Azure CLI to do this is easier, as once we...
Test read rights for user-assigned managed identity on a Linux VM in Azure Gov
I recently came across an issue where a user-assigned managed identity on a VM was not able to read the properties of the resource group where the VM object it was assigned to resided. As our...
AD: Nitty Gritty of Fine-Grained Password Policies
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but...
Field Notes: Azure Active Directory Connect – Domain, OU and Group Filtering
This is a continuation of a series on Azure AD Connect. The recently published blog post covers a quick introduction to the troubleshooting task available in Azure AD Connect. This post goes through...