Today Microsoft made big announcements about its Microsoft Entra suite of identity and security products and capabilities. The Microsoft Entra suite is expanding into Security Service Edge, and Azure Active Directory (Azure AD) is becoming Microsoft Entra ID. Azure Active Directory as a name is now earmarked for the history books and Entra ID is born.…
Azure AD/Active Directory User Security Evaluation Reporter
From December 2018 to February 2019 Microsoft ran an online Microsoft Graph Security Hackathon on Devpost.
The criteria of the hackathon were:
- Build or update a functioning Microsoft Graph-powered solution that leverages the Microsoft Graph Security API
Following the announcement of the Hackathon I was encouraged by Kloud management to enter. …
Lithnet Password Protection for Active Directory
Today Ryan Newington released the latest Open Source project from Lithnet: Lithnet Password Protection for Active Directory.
I’ve posted extensively about leveraging Lithnet services in conjunction with Microsoft Identity Manager. In fact, many of the solutions I’ve built for customers just wouldn’t be as functional without Ryan’s extensive contributions to the Microsoft Identity Management community under the Lithnet brand.…
Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager v2, k-Anonymity and Have I Been Pwned
Background
In August 2017 Troy Hunt released a sizeable list of Pwned Passwords. 320 million, in fact.
I subsequently wrote this post on Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager, which called the API and set a boolean attribute in the MIM Service that could be used with business logic to force users whose accounts have compromised passwords to change their password on next logon.…
UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager
Earlier this week I posted this blog post that showed a working example of using a custom Pwned Password FIM/MIM Management Agent to flag a boolean attribute in the MIM Service to indicate whether a user's password is in the pwned passwords dataset or not.…
Synchronizing Exchange Online/Office 365 User Profile Photos with FIM/MIM
Introduction
This is Part Two in the two-part blog post on managing users' profile photos with MIM (Microsoft Identity Manager). Part one here detailed managing users' Azure AD/Active Directory profile photos. This post delves deeper into photos, specifically around Office 365 and the reason why you may want to manage these via FIM/MIM.…
Scripting the generation & creation of Microsoft Identity Manager Sets/Workflows/Sync & Management Policy Rules with the Lithnet Resource Management PowerShell Module
Introduction
Yes, that title is quite a mouthful. And this post is going to be quite long. But it is worth the read if you have to create a number of rules in Microsoft/Forefront Identity Manager, or even more so the same rule in multiple environments (eg.…
Diagnosing FIM/MIM ‘kerberos-no-logon-server’ error on an Active Directory Management Agent
Overview
I have a complex customer environment where Microsoft Identity Manager is managing identities across three Active Directory Forests. The Forests all serve different purposes and are contained in different network zones. Accordingly, there are firewalls between the zone where the MIM Sync Server is located and two of the other AD Forests as shown in the graphic below.…
Joining Identities between Active Directory and Azure Active Directory using Microsoft Identity Manager
Introduction
One of the foundations of Identity Management is the ability to join an identity between disparate connected systems. As we extend our management of identities into cloud services this adds a few twists.
A key concept is to use an anchor that is persistent.…
How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports
Introduction
I’ve been working on a project where I must have visibility of a large number of Azure AD Groups in Microsoft Identity Manager.
In order to make this efficient I need to use the Differential Query function of the AzureAD Graph API.…