Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager v2, k-Anonymity and Have I Been Pwned


Background

In August 2017, Troy Hunt released a sizeable list of Pwned Passwords. 320 million, in fact.

I subsequently wrote this post on Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager, which called the API and set a boolean attribute in the MIM Service that could be used with business logic to force users with accounts that have compromised passwords to change their password on next logon.…

Provisioning Hybrid Exchange/Exchange Online Mailboxes with Microsoft Identity Manager


Introduction

Working for Kloud, all our projects involve cloud services, and all our customers have varying and unique requirements. Recently one of our customers embarked on their migration from On-Premise Exchange to Exchange Online. Nothing really groundbreaking there; however, they had a number of unique requirements, including management of Litigation Hold.…

Awarded Microsoft MVP for Enterprise Mobility – Identity and Access Management


This week I was awarded Microsoft Most Valuable Professional for Enterprise Mobility for my work in the area of Identity and Access Management.

This is quite an honor and something I had never considered, as for the majority of my professional career I’ve been employed by integrators that require all my work to be considered intellectual property that must not be shared publicly.…

Display Microsoft Identity Manager Sync Engine Statistics in the MIM Portal

Introduction

In the Microsoft / Forefront Identity Manager Synchronization Service Manager, under Tools, we have a Statistics Report. This gives a breakdown of each of the Management Agents and the Connectors on each MA, and therefore MIM Sync Statistics.

I had a recent requirement to expose this information for a customer, but I didn’t want them to have to connect to the Synchronization Server (and be given the permissions to allow them to).…