Microsoft identity and access management
The distributed nature of the modern workforce requires administrators who are adept at handling Microsoft's identity and access management products to streamline the authentication process and prevent unauthorized access to resources. Get tips to manage identities properly and prevent any security lapses in the enterprise.
Top Stories
-
Answer
06 Feb 2024
How to set up a Windows Server 2022 domain controller
While the process to migrate from a legacy domain controller is not difficult, it does require advanced preparation to avoid connectivity issues and other problems. Continue Reading
-
Tutorial
25 Jan 2024
Using Microsoft AD Explorer for common admin tasks
The utility makes it easier to navigate the Active Directory database and features snapshot capabilities with a comparison function to detect where a change caused a problem. Continue Reading
-
Tutorial
25 Jan 2024
Using Microsoft AD Explorer for common admin tasks
The utility makes it easier to navigate the Active Directory database and features snapshot capabilities with a comparison function to detect where a change caused a problem. Continue Reading
-
Tip
22 Jan 2024
How to use a Microsoft Entra ID emergency access account
A break-glass account in Microsoft's identity and access management platform helps avoid disruptions in a crisis. Follow these best practices to keep these credentials safe. Continue Reading
-
Tip
27 Dec 2023
How to manage a migration to Microsoft Entra ID
Thinking of leaving Active Directory behind? A successful move to Microsoft's cloud-based identity and access management platform hinges on how well you've prepared in advance. Continue Reading
-
Tip
27 Dec 2023
What are the Microsoft Entra ID benefits for on-prem admins?
Active Directory's presence looms large for organizations that rely on Microsoft's venerable directory service for a multitude of tasks tied to identity and access. Continue Reading
-
Definition
28 Nov 2023
privileged identity management (PIM)
Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an organization's IT environments. Continue Reading
-
Definition
21 Nov 2023
possession factor
The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token. Continue Reading
-
Tip
13 Nov 2023
What should admins know about Microsoft Entra features?
Microsoft Entra combines new and existing cloud-based products and packages them under a new name. Learn how this change affects identity access management in your organization. Continue Reading
-
Definition
09 Nov 2023
mandatory access control (MAC)
Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system. Continue Reading
-
Definition
18 Oct 2023
Google Authenticator
Google Authenticator is a mobile security application that provides a second type of confirmation for websites and online services that use two-factor authentication (2FA) to verify a user's identity before granting him or her access to secure resources. Continue Reading
-
Definition
12 Oct 2023
Microsoft Windows Credential Guard
Microsoft Credential Guard is a security feature in Microsoft Windows operating system (OS) that isolates user credentials, such as login information, from the rest of the operating system. Continue Reading
-
Definition
10 Oct 2023
password entropy
Password entropy is a measurement of a password's strength based on how difficult it would be to crack the password through guessing or a brute-force attack. Continue Reading
-
Definition
06 Oct 2023
risk-based authentication (RBA)
Risk-based authentication (RBA) is an authentication method in which varying levels of stringency are applied to a system’s authentication process based on the likelihood that access to that system could result in its compromise. Continue Reading
-
Definition
23 Aug 2023
BYOI (bring your own identity)
BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading
-
Definition
14 Aug 2023
Directory Services Restore Mode (DSRM)
Directory Services Restore Mode (DSRM) is a Safe Mode boot option for Windows Server domain controllers. Continue Reading
-
Definition
31 Jul 2023
Common Access Card (CAC)
A Common Access Card (CAC) is a smart card issued by the Unites States Department of Defense for accessing DOD systems and facilities. Continue Reading
-
Definition
09 Jun 2023
logon (or login)
In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
-
Definition
12 May 2023
Active Directory domain (AD domain)
An Active Directory domain (AD domain) is a collection of objects within a Microsoft Active Directory network. Continue Reading
-
Definition
11 May 2023
Active Directory functional levels
Active Directory functional levels are controls that specify which advanced Active Directory domain features can be used in an enterprise domain. Continue Reading
-
Definition
20 Apr 2023
Microsoft Exchange Online Protection (EOP)
Microsoft Exchange Online Protection (EOP) is a cloud-based service that provides email filtering designed to protect organizations against spam, malware, and other email-based threats. Continue Reading
-
Definition
17 Apr 2023
Microsoft Azure Key Vault
Microsoft Azure Key Vault is a cloud-based security service offered by Microsoft as part of its Azure platform. Continue Reading
-
Tutorial
12 Apr 2023
How to create fine-grained password policy in AD
Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements. Continue Reading
-
Tutorial
12 Apr 2023
How to enable Active Directory fine-grained password policies
Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help. Continue Reading
-
Tutorial
17 Mar 2023
How to transfer FSMO roles with PowerShell
You might need to shift Active Directory FSMO roles for a few reasons. If you need to do it more than once, there's a way to automate the procedure with PowerShell. Continue Reading
-
Tip
06 Mar 2023
How to upload and download files with PowerShell FTP script
By using the .NET WebClient class and PowerShell, Windows admins can upload and download files to FTP. Review the general process and corresponding examples to get started. Continue Reading
-
Tip
16 Feb 2023
How to filter Security log events for signs of trouble
Certain accounts, such as company executives, will draw unwanted attention from hackers. Learn how to catch these targeted attacks by checking Windows event logs. Continue Reading
-
Definition
08 Dec 2022
global catalog (Active Directory)
A global catalog is a data storage source containing partial representations of objects found in a multi-domain Active Directory Domain Services forest. Continue Reading
-
Tutorial
28 Nov 2022
How to build an Azure AD user report with Microsoft Graph
Microsoft Graph will be the way forward to manage users and devices that connect to Office 365. Learn how to gather information and perform tasks, such as license assignments. Continue Reading
-
Tutorial
14 Apr 2022
Get started with Azure AD entitlement management automation
Identity governance tasks in Azure Active Directory can be overwhelming, but understanding how to use Microsoft Graph and PowerShell to work with these settings will help. Continue Reading
-
Definition
14 Apr 2022
Microsoft Identity Manager
Microsoft Identity Manager -- also called Microsoft Identity Manager 2016 or MIM -- is an on-premises tool that enables organizations to manage access, users, policies and credentials. Continue Reading
-
Definition
12 Apr 2022
Microsoft Windows Update
Microsoft Windows Update is a security service for Windows users that, once activated, automatically searches for and installs updates. Continue Reading
-
Tip
01 Apr 2022
Why and how to create Azure service principals
Service principals let cloud admins control access to Azure resources. Follow this step-by-step example to get started. Continue Reading
-
Definition
31 Mar 2022
authentication server
An authentication server is an application that facilitates the authentication of an entity that attempts to access a network. Continue Reading
-
Tip
29 Mar 2022
Deploy an information barrier policy for Microsoft Teams
Mistakes happen, but can be costly when they involve compliance. Office 365 information barriers can prevent inadvertent sharing to protect the organization's sensitive data. Continue Reading
-
Tutorial
01 Mar 2022
Learn to adjust the AdminCount attribute in protected accounts
It's critical to know how to change the settings for protected accounts and groups in Active Directory to avoid serious problems. PowerShell can make quick edits to keep order. Continue Reading
-
Definition
25 Feb 2022
passphrase
A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Continue Reading
-
Tutorial
17 Feb 2022
Build your knowledge of Azure AD conditional access policies
The rapid pace of change in the modern workplace requires new methods to control who has access to what. This Azure Active Directory feature can help IT meet those security goals. Continue Reading
-
Definition
23 Dec 2021
domain controller
A domain controller is a type of server that processes requests for authentication from users within a computer domain. Continue Reading
-
Tutorial
20 Dec 2021
How to perform Azure AD bulk operations with PowerShell
Microsoft offers multiple ways to manage users and groups in Azure Active Directory. PowerShell is one option, but it requires knowing which module to use to handle coverage gaps. Continue Reading
-
Tutorial
10 Dec 2021
Microsoft Teams lifecycle management with PowerShell and Graph
A rushed Microsoft Teams deployment could lead to unintended gaps in security and governance. Here's how to use PowerShell and the Microsoft Graph to regain control. Continue Reading
-
Tip
06 Dec 2021
Why you should plan to upgrade to Azure AD Connect v2 soon
Administrators who rely on an Azure AD Connect v1 version for hybrid identity with Office 365 should prepare for the impending retirement of several technologies in the utility. Continue Reading
-
Tutorial
21 Sep 2021
Working with the Microsoft Defender for Identity portal
The security product, formerly Azure Advanced Threat Protection, taps into the cloud to uncover suspicious activity across the on-premises network. Continue Reading
-
Tip
24 Aug 2021
Boost security with Office 365 privileged access management
Understand how to thwart cyber attacks on privileged user accounts on Microsoft's collaboration platform to avoid becoming that next security breach statistic. Continue Reading
-
Definition
30 Jul 2021
Active Directory Domain Services (AD DS)
Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database. Continue Reading
-
Tip
22 Jun 2021
Get a grasp on using group managed service accounts
When you create a group managed service account, it relieves some administrative duties and bolsters the security related to passwords for services in a Windows environment. Continue Reading
-
Definition
07 Jun 2021
active directory
Active Directory (AD) is Microsoft's proprietary directory service. Continue Reading
-
Tip
13 Apr 2021
Azure MFA NPS extension boosts authentication capabilities
With help from the Network Policy Server extension, organizations can expand their on-premises authentication features by tapping into Microsoft's cloud. Continue Reading
-
Tip
26 Mar 2021
Stay in control with Azure AD Privileged Identity Management
Rampant use of elevated privileges can prove hazardous to enterprises. Rein in access and manage resource access with help from this Azure Active Directory feature. Continue Reading
-
Tutorial
26 Feb 2021
Learn to use a PowerShell call function from another script
Don't use the same lines of code in several places in your scripts. Learn how to use functions and reap the benefits of a more streamlined approach. Continue Reading
-
Tip
22 Dec 2020
Azure AD Premium P1 vs. P2: Which is right for you?
Azure Active Directory is more than just Active Directory in the cloud. See how the premium editions of the directory service stack up to find the best fit for your organization. Continue Reading
-
Tip
17 Nov 2020
Explore the benefits of Azure AD vs. on-prem AD
A move to Office 365 doesn't require cutting the cord from on-premises Active Directory, but it is an option. Here's what you need to know when comparing Azure AD vs. on-prem AD. Continue Reading
-
Feature
31 Aug 2020
Securing Active Directory also involves good backup practices
The 'Active Directory Administration Cookbook' covers what admins can do in advance to bring the identity and access management platform back online after an attack. Continue Reading
-
Tip
07 Aug 2020
Techniques to troubleshoot Active Directory issues
Active Directory runs several key operational duties, such as validating access to resources. Keep the system from breaking down with help from these diagnostic methods. Continue Reading
-
Tip
08 Jul 2020
Active Directory replication troubleshooting tips and tools
When replication between domain controllers breaks down, just about everything else will grind to a halt. These utilities can help pinpoint the Active Directory issues. Continue Reading
-
Tutorial
04 May 2020
Find and lock down lax Windows share permissions
With help from PowerShell, you can identify the shares that need adjustments across your infrastructure then use a script to fix them to protect sensitive data. Continue Reading
-
Opinion
27 Apr 2020
Remote access is just one of many COVID-19 IT challenges
The coronavirus outbreak stretched many in IT to the limit of their abilities to find ways to accommodate the surge in remote workers. Continue Reading
-
Tip
08 Apr 2020
Active Directory nesting groups strategy and implementation
Does your current Active Directory permissions setup spark joy? If not, then it's time to unscramble that confusing design into something that's easier to use and maintain. Continue Reading
-
Tip
19 Feb 2020
How to fortify your virtualized Active Directory design
It takes a little work to fine-tune your Active Directory deployment, but the benefits will result in little to no service interruptions to your users if an outage occurs. Continue Reading
-
Tip
27 Jan 2020
Using Azure AD conditional access for tighter security
The cloud-based identity and access management service does not come with certain defensive features turned on by default, which administrators should rectify. Continue Reading
-
Feature
23 Dec 2019
PowerShell tutorials capture attention of admins in 2019
Interest in automation continues to trend upward for administrators of Windows systems, particularly when it involves PowerShell. Continue Reading
-
Tutorial
17 Dec 2019
Get back on the mend with Active Directory recovery methods
Administrators should have a few of these data protection techniques up their sleeves to keep Active Directory from a total breakdown. Continue Reading
-
Tutorial
27 Sep 2019
Implement automated employee onboarding with PowerShell
Your time is precious and you shouldn't waste it by clicking through menus to set up a new user. Look at these code examples to put together your own provisioning script. Continue Reading
-
Tip
25 Sep 2019
How to rebuild the SYSVOL tree using DFSR
Active Directory is the key component in many organizations to keep tabs on access and identity. If the SYSVOL directory disappears, these steps can get the system fixed. Continue Reading
-
Tip
19 Jul 2019
Construct a solid Active Directory password policy
Most user authentication still relies on a strong password to keep attackers at bay. Here's how to keep your guard up without adding to your administrative workload. Continue Reading
-
Tip
24 Jun 2019
How to locate privileged accounts in Active Directory
IT administrators must be able to identify privileged accounts in Active Directory for a more secure enterprise; two methods can make the task easier. Continue Reading
-
Tutorial
26 Feb 2019
Set up users with key PowerShell Active Directory commands
User management in Active Directory doesn't have to fill you with click-induced anxiety. Try these PowerShell tips for a more efficient way to get this work done. Continue Reading
-
News
12 Feb 2019
Microsoft zero-day vulnerability closed on Patch Tuesday
Administrators should prioritize patching systems affected by a zero-day vulnerability resolved by the February Patch Tuesday updates. Continue Reading
-
Answer
12 Feb 2019
What key SDN features are in Windows Server 2019?
Microsoft SDN capabilities got a boost in Windows Server 2019 to wrap more security around VMs and make networking tasks less painful to execute. Continue Reading
-
Tutorial
25 Jan 2019
How to configure SSL on IIS with PowerShell
SSL encryption is a necessary component when building an IIS website that communicates with the outside world. Use this PowerShell tutorial to streamline the deployment process. Continue Reading
-
Answer
15 Jan 2019
How does Azure Update Management handle integration?
Azure Update Management works with other Microsoft administrative tools to give IT pros a more complete offering to patch operating systems. Continue Reading
-
Tip
14 Jan 2019
How to set up and enforce Azure multifactor authentication
Azure Active Directory offers multifactor authentication to further secure login credentials. Get started with these instructions to set up this Microsoft cloud service. Continue Reading
-
News
08 Jan 2019
Light January Patch Tuesday follows IE out-of-band security update
Administrators should prioritize an out-of-band patch that addresses an Internet Explorer zero-day before tackling the 47 vulnerabilities corrected by the January Patch Tuesday fixes. Continue Reading
-
Tip
30 Nov 2018
Stay in control with these Active Directory basics
Administrators have an ever-increasing number of resources to handle and permissions to track, but they can cut this seemingly impossible task down to size with Active Directory. Continue Reading
-
Tip
16 Nov 2018
Understanding what Azure AD federation really means
A company that adopts SaaS apps to get work done can ease the transition by implementing a single sign-on method. Learn how to set up this arrangement in a secure manner. Continue Reading
-
Quiz
17 Oct 2018
Can this Active Directory quiz stump you?
How much do you know about Active Directory? Find out with this Active Directory quiz on the service's basics, structure and capabilities. Continue Reading
-
Tutorial
10 Oct 2018
How to manage Active Directory groups with 7 PowerShell commands
Managing users, devices and other resources with Active Directory doesn't always require a GUI tool. Try PowerShell to streamline some of your administrative workload. Continue Reading
-
Answer
06 Sep 2018
How does AD DS differ from Microsoft Azure Active Directory?
On-premises Active Directory or Azure AD? It doesn't have to be an either/or situation, as more cloud services are making their way into traditional data center environments. Continue Reading
-
Answer
21 Aug 2018
Understand Active Directory basics for enterprise success
You can't get the most out of a tool unless you understand its features. This tip explains the basics of Active Directory and how it controls access and maintains order. Continue Reading
-
Tip
13 Jun 2018
Organize Active Directory with these strategies
Administrators tasked with cleaning up the Active Directory user group structure need not search any further. Use these tips to avoid Active Directory maintenance headaches. Continue Reading
-
Opinion
25 May 2018
Breaking down the Exchange Online vs. on-premises choice
The continuous feature release model of Exchange Online might be a boon for some, but others might consider the need for constant training to be a detriment. Continue Reading
-
Tip
22 Jun 2017
Debug an Active Directory domain join failure on Windows Server
The domain join process typically works without issue. But when a device can't connect to Active Directory, the administrator must seek the culprit from the usual suspects. Continue Reading
-
Definition
10 Jan 2017
Microsoft Online Services Sign-In Assistant
The Microsoft Online Services Sign-In Assistant is a software application that provides common sign-on capabilities for a suite of Microsoft online services, such as Office 365. Continue Reading
-
Conference Coverage
25 Aug 2016
Microsoft Ignite 2016 conference coverage
Find all the independent reporting and analysis from the Microsoft Ignite conference 2016 in one place. Continue Reading
-
Feature
11 May 2016
Crunching the costs of Microsoft Exchange on-premises vs. cloud services
Security concerns are less of an issue for most organizations, but do the costs of using Exchange on premises vs. the Office 365 mail service stack up? Continue Reading
-
Tip
05 May 2016
Start using the PowerShell pipeline with this example
An administrator can create functions to support the PowerShell pipeline, which improves upon text-based shells by allowing the scripter to pass objects across the pipe. Continue Reading
-
Tip
24 Mar 2016
PowerShell script examples and reference guide for admins
Microsoft unveiled PowerShell in 2006, but many Windows administrators are still unaware of the tremendous amount of resources available to help automate numerous tasks. Continue Reading
-
Tip
16 Mar 2016
Use the admin center for some Office 365 administration
Administrators can choose the admin center or PowerShell for Office 365 management -- the best option depends on the circumstances. Continue Reading
-
Tip
04 Feb 2016
Six alternative Hyper-V management tools
There are a number of third-party Hyper-V management tools available for organizations that need to handle a few dozen nodes. Continue Reading
-
Answer
17 Dec 2015
What are my options for Azure ExpressRoute connections?
For companies that need a private connection and full access to different Azure regions, Microsoft offers a premium version of Azure ExpressRoute. Continue Reading
-
Answer
23 Nov 2015
How can I share Outlook calendars from the EMC?
Is there a way to gain access to multiple users' calendars from the Exchange Management Console in Exchange 2010? Continue Reading
-
Feature
30 Oct 2015
Office 365 issues that torment email admins
Tricky Office 365 problems are no treat to the IT admin. Fix the nuisances that corrupt your email with these troubleshooting treats. Continue Reading
-
Tip
01 Jun 2015
A Windows Server 2016 Group Policy walkthrough
Administrators who work with Group Policy will appreciate that the structure hasn't changed in Windows Server 2016, but there are new policies unique to the release worth noting. Continue Reading
-
Tip
20 Feb 2012
Using Microsoft PerfView to profile process performance data
Microsoft made its internal performance monitoring tool available to the public. Here's how it offers an advanced peek at application processes. Continue Reading
-
Feature
07 Feb 2012
Microsoft Exchange Online explained
With all the chatter around hosted services these days, it pays to know about Exchange Online. Get a handle on its benefits and drawbacks. Continue Reading
-
Tip
01 Nov 2011
Best Practices for Active Directory forest trusts
The more domains you manage, the more you rely on forest trusts. Follow these tips to manage your AD infrastructure – and maintain your sanity. Continue Reading
-
Tip
28 Sep 2011
Exchange 2010 auditing tools to track admin, end-user behavior
Compliance rules make tracking admin and email users a necessary evil. Thankfully, audit logging tools in Exchange 2010 can help. Continue Reading
-
News
14 Jun 2010
Microsoft works to extend identity management to the cloud
A major theme at Microsoft TechEd 2010 was the company's goal to extend familiar identity management capabilities to cloud computing environments. Continue Reading
-
Feature
24 Feb 2009
Quest Authentication Services
Quest Authentication Services allows organizations to extend Active Directory (AD) to Unix, Linux and Mac platforms and enterprise applications. It enables the unification of identities and directories for simplified identity and access management. Continue Reading
-
Tip
05 Feb 2009
How to revoke and delete Active Directory user certificates
In this Ask the Expert Q&A, our identity and access management expert examines how to set up Active Directory autoenrollment feature to revoke and delete user certificates on the Certificate Authority (CA) automatically. Continue Reading