Microsoft’s identity portfolio is huge and includes products and services like Active Directory, AD FS, Azure AD Connect, Defender for Identity, Microsoft Identity Manager and Azure AD. Contrary to what some believe, Active Directory on-premises is supported, alive and kicking, and here to stay for most organizations. This became abundantly clear in August 2022, as Microsoft improved things for Identity admins in the following ways:
Azure & Active Directory Center
ENow Software's Azure & Active Directory blog built by Microsoft MVPs for IT/Sys Admins.
Exchange admins have enjoyed the Group writeback optional feature in Azure AD Connect for a long time. It offers add-on functionality to Microsoft 365 Groups in Azure AD for organizations that use both Active Directory and Azure AD in a Hybrid Exchange setup.
Using Microsoft Graph PowerShell SDK
In my previous article about creating custom roles for Exchange Online administrators here, I described how to grant a specific team of administrators permissions to grant admin consent ONLY for specific OAuth2.0 application permissions.
Recently I had to upgrade my Azure AD Connect server from version 1.x to version 2.x, and I blogged about it in my December 2021 blog article "Upgrade Azure AD Connect from 1.x to 2.x". After the upgrade I had to upgrade my Azure Active Directory Password Protection services as well, since I installed a new server and decommissioned the old one.
Previously, MVP Nicolas Blank wrote an interesting article, "Having an Identity Crisis", which talked about all kinds of attacks on your environment. One such attack is on user email. Users tend to choose a password that is easy for them to remember, and this makes the password weak and easy for others to guess. Even with a little social engineering, user passwords are easy to retrieve, as can be seen in this YouTube clip: "What is your password?"
Microsoft introduced the Publisher Verification feature to help administrators stay on top of all OAuth2.0 apps and avoid illicit consent attacks. You can find more details about these topics here:
Generally, this is a very welcome security feature, but there are also some pitfalls and facts that need to be considered carefully.
One of the great features in Microsoft 365 is Azure Active Directory Application Proxy. AAD App Proxy allows you to publish internal web applications to the Internet and ensures users authenticate in a very secure way. Best of all, it can usually do this without requiring any firewall changes – all that is required is outbound Internet access from the computer running the AAD App Proxy agent.
Want to learn more about Active Directory?
Active Directory Administration Cookbook, 2nd Edition
In this book, Microsoft MVP and Technical Editor of ENow's Azure & Active Directory Center Sander Berkouwer shares the intricacies of managing Azure AD, Azure AD Connect and Active Directory, for administration in the cloud and on Windows Server 2022.