It's time to get your head out of the clouds!

27th of February, 2017 / / No Comments

head-in-the-clouds1
For those of you who know me, you are probably thinking “Why on earth would we be wanting to get our heads out of the “Cloud” when all you’ve been telling me for years now is the need to adopt cloud!
This is true for the most part, but my point here is many businesses are being flooded by service providers in every direction to adopt or subscribe to their “cloud” based offering, furthermore ICT budgets are being squeezed forcing organisations into SaaS applications.… [Keep reading] “It's time to get your head out of the clouds!”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration

24th of January, 2017 / / No Comments

In Part 1 and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In this series we will continue our venture in configuring Azure MFA in ADFS 2016.
Azure MFA – What is it about?
It is a bit confusing when we mention that we need to enable Azure MFA on ADFS. Technically, this method is actually integrating Azure MFA with ADFS. MFA itself is authenticating on Azure AD, however, ADFS is prompting you enter an MFA code which will be verified with the Azure AD to sign you in.… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1

20th of January, 2017 / / 2 Comments

Introduction
With the release of Windows Server 2016, Microsoft has introduced new and improved features. One of those features is ADFS 4.0, better known as ADFS 2016.
Organisations have already started leveraging ADFS 2016 as it covers most of their requirement, specially in terms of security.
In this series of blog posts, I will demonstrate how you can upgrade from ADFS v 3.0 (Running Windows Server 2012 R2) to ADFS 2016 (Running Windows Server 2016 Datacenter).… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1”

Configuring AWS Web Application Firewall

30th of November, 2016 / / No Comments

In a previous blog, we discussed Site Delivery with AWS CloudFront CDN, one aspect in that blog was not covered and that was WAF (Web Application Firewall).
What is Web Application Firewall?

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.

[Keep reading] “Configuring AWS Web Application Firewall”

Forcing MFA in Amazon Web Services

24th of November, 2016 / / No Comments

Many organisations will want to enforce MFA for an added security layer for their users. As each service is different, in some cases enforcing MFA may not be as easy as it sound.
In AWS, an administrator cannot simply “tick” to enable MFA on all users (as of this writing). However, MFA can be enforced on API calling, to “force” a user to setup MFA. Think of it as a backdoor, to forcing or enabling MFA on all your IAM users.… [Keep reading] “Forcing MFA in Amazon Web Services”

Avoiding Windows service accounts with static passwords using GMSAs

21st of October, 2016 / / 3 Comments

One of the benefits of an Active Directory (AD) running with only Windows Server 2012 domain controllers is the use of ‘Group Managed Service Accounts’ (GMSAs).
GMSAs can essentially execute applications and services similar to an Active Directory user account running as a ‘service account’.  GMSAs store their 120 character length passwords using the Key Distribution Service (KDS) on Windows Server 2012 DCs and periodically refresh these passwords for extra security (and that refresh time is configurable).… [Keep reading] “Avoiding Windows service accounts with static passwords using GMSAs”

Exchange Online Protection Organizational Approach

4th of October, 2016 / / No Comments

I have been working for an organisation who had recently migrated to Exchange Online protection (EOP), and we had found that some of his important emails, from a legitimate email source, were getting blocked.
Upon investigation it turns out that a week before the customer’s organisation was hit by a Zero-Day virus which resulted in spoofed emails coming through and landing in the end user mailboxes. This resulted into a bit of chaos and a decision was taken to modify the Bulk email threshold (BCL) to a tighter level.… [Keep reading] “Exchange Online Protection Organizational Approach”

Azure AD Application SSO and Provisioning – Things to consider

14th of September, 2016 / / 3 Comments

I’ve had the opportunity to work on a couple of customer engagements recently integrating SaaS based cloud applications with Azure Active Directory, one being against a cloud-only Azure AD tenant and the other federated with on-premises Active Directory using ADFS. The Azure AD Application Gallery now has over 2,700 applications listed which provide a supported and easy process to integrate applications with Azure AD, although not every implementation is the same. Most of them have a prescribed tutorial on how to perform the integration (listed here), while some application vendors have their own guides.… [Keep reading] “Azure AD Application SSO and Provisioning – Things to consider”