Security related items and thoughts
Active Directory Federation Services (AD FS) uses endpoints to provide access to features. There are a series of different endpoints which each serve… Read the rest “Check If AD FS WSTrust Endpoint Enabled”
There are a multitude of online tools that help diagnose issues with various mail services, but understanding what these tools actually check is valua… Read the rest “How to Use NsLookup To Check DKIM Record”
When delivering Office 365 Security Optimisation Assessments (SOA) to customers, one of the control items is the version of Azure AD Connect deployed a… Read the rest “Upgrade to Azure AD Connect 2.0”
Admins have become very aware of the need to adjust the Schannel protocol settings for TLS to enable TLS 1.2 and to disable older versions. However, … Read the rest “Remediate SWEET32 — Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA For Windows Server 2012 R2”
This is a snapshot of portal.azure.com using SSLLabs.com to scan the TLS configuration. The image below is a point in time snapshot of the configurat… Read the rest “SSL Labs Scan Portal.Azure.com–June 2022”
This post is a scan of Outlook.office365.com taken with the SSLLabs.com scan tool which analyses the TLS configuration of the server.
This was a question from a recent customer engagement: Why is the Microsoft Defender portal asking me to turn on the Unified Audit Log when I already… Read the rest “Defender Portal Enable Audit – Is That The Unified Audit Log?”
One of my customers wanted to verify their Domain Based Message Reporting Conformance (DMARC) record, and followed the post How To Use Nslookup To Che… Read the rest “How To Use Nslookup To Check DMARC Record”
Install the Microsoft Defender for Identity (MDI) sensor onto a newly built DC? Easy you say, and that should only take 5 minutes. Well, if that wa… Read the rest “MDI Install Error 0x80070643 Windows Server 2019”
Back in the year 2014 the post How To Request Certificate Without Using IIS or Exchange was released to help create TLS certificates. One of the main u… Read the rest “How To Request Certificate Without Using IIS or Exchange–Updated 2022”