Microsoft identity and access management

The distributed nature of the modern workforce requires administrators who are adept at handling Microsoft's identity and access management products to streamline the authentication process and prevent unauthorized access to resources. Get tips to manage identities properly and prevent any security lapses in the enterprise.

Top Stories

Answer 06 Feb 2024
How to set up a Windows Server 2022 domain controller

While the process to migrate from a legacy domain controller is not difficult, it does require advanced preparation to avoid connectivity issues and other problems. Continue Reading
Tutorial 25 Jan 2024
Using Microsoft AD Explorer for common admin tasks

The utility makes it easier to navigate the Active Directory database and features snapshot capabilities with a comparison function to detect where a change caused a problem. Continue Reading

Tutorial 25 Jan 2024

Using Microsoft AD Explorer for common admin tasks

The utility makes it easier to navigate the Active Directory database and features snapshot capabilities with a comparison function to detect where a change caused a problem. Continue Reading
Tip 22 Jan 2024

How to use a Microsoft Entra ID emergency access account

A break-glass account in Microsoft's identity and access management platform helps avoid disruptions in a crisis. Follow these best practices to keep these credentials safe. Continue Reading
Tip 27 Dec 2023

How to manage a migration to Microsoft Entra ID

Thinking of leaving Active Directory behind? A successful move to Microsoft's cloud-based identity and access management platform hinges on how well you've prepared in advance. Continue Reading
Tip 27 Dec 2023

What are the Microsoft Entra ID benefits for on-prem admins?

Active Directory's presence looms large for organizations that rely on Microsoft's venerable directory service for a multitude of tasks tied to identity and access. Continue Reading
Definition 28 Nov 2023

privileged identity management (PIM)

Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an organization's IT environments. Continue Reading
Definition 21 Nov 2023

possession factor

The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token. Continue Reading
Tip 13 Nov 2023

What should admins know about Microsoft Entra features?

Microsoft Entra combines new and existing cloud-based products and packages them under a new name. Learn how this change affects identity access management in your organization. Continue Reading
Definition 09 Nov 2023

mandatory access control (MAC)

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system. Continue Reading
Definition 18 Oct 2023

Google Authenticator

Google Authenticator is a mobile security application that provides a second type of confirmation for websites and online services that use two-factor authentication (2FA) to verify a user's identity before granting him or her access to secure resources. Continue Reading
Definition 12 Oct 2023

Microsoft Windows Credential Guard

Microsoft Credential Guard is a security feature in Microsoft Windows operating system (OS) that isolates user credentials, such as login information, from the rest of the operating system. Continue Reading
Definition 10 Oct 2023

password entropy

Password entropy is a measurement of a password's strength based on how difficult it would be to crack the password through guessing or a brute-force attack. Continue Reading
Definition 06 Oct 2023

risk-based authentication (RBA)

Risk-based authentication (RBA) is an authentication method in which varying levels of stringency are applied to a system’s authentication process based on the likelihood that access to that system could result in its compromise. Continue Reading
Definition 23 Aug 2023

BYOI (bring your own identity)

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading
Definition 14 Aug 2023

Directory Services Restore Mode (DSRM)

Directory Services Restore Mode (DSRM) is a Safe Mode boot option for Windows Server domain controllers. Continue Reading
Definition 31 Jul 2023

Common Access Card (CAC)

A Common Access Card (CAC) is a smart card issued by the Unites States Department of Defense for accessing DOD systems and facilities. Continue Reading
Definition 09 Jun 2023

logon (or login)

In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
Definition 12 May 2023

Active Directory domain (AD domain)

An Active Directory domain (AD domain) is a collection of objects within a Microsoft Active Directory network. Continue Reading
Definition 11 May 2023

Active Directory functional levels

Active Directory functional levels are controls that specify which advanced Active Directory domain features can be used in an enterprise domain. Continue Reading
Definition 20 Apr 2023

Microsoft Exchange Online Protection (EOP)

Microsoft Exchange Online Protection (EOP) is a cloud-based service that provides email filtering designed to protect organizations against spam, malware, and other email-based threats. Continue Reading
Definition 17 Apr 2023

Microsoft Azure Key Vault

Microsoft Azure Key Vault is a cloud-based security service offered by Microsoft as part of its Azure platform. Continue Reading
Tutorial 12 Apr 2023

How to create fine-grained password policy in AD

Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements. Continue Reading
Tutorial 12 Apr 2023

How to enable Active Directory fine-grained password policies

Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help. Continue Reading
Tutorial 17 Mar 2023

How to transfer FSMO roles with PowerShell

You might need to shift Active Directory FSMO roles for a few reasons. If you need to do it more than once, there's a way to automate the procedure with PowerShell. Continue Reading
Tip 06 Mar 2023

How to upload and download files with PowerShell FTP script

By using the .NET WebClient class and PowerShell, Windows admins can upload and download files to FTP. Review the general process and corresponding examples to get started. Continue Reading
Tip 16 Feb 2023

How to filter Security log events for signs of trouble

Certain accounts, such as company executives, will draw unwanted attention from hackers. Learn how to catch these targeted attacks by checking Windows event logs. Continue Reading
Definition 08 Dec 2022

global catalog (Active Directory)

A global catalog is a data storage source containing partial representations of objects found in a multi-domain Active Directory Domain Services forest. Continue Reading
Tutorial 28 Nov 2022

How to build an Azure AD user report with Microsoft Graph

Microsoft Graph will be the way forward to manage users and devices that connect to Office 365. Learn how to gather information and perform tasks, such as license assignments. Continue Reading
Tutorial 14 Apr 2022

Get started with Azure AD entitlement management automation

Identity governance tasks in Azure Active Directory can be overwhelming, but understanding how to use Microsoft Graph and PowerShell to work with these settings will help. Continue Reading
Definition 14 Apr 2022

Microsoft Identity Manager

Microsoft Identity Manager -- also called Microsoft Identity Manager 2016 or MIM -- is an on-premises tool that enables organizations to manage access, users, policies and credentials. Continue Reading
Definition 12 Apr 2022

Microsoft Windows Update

Microsoft Windows Update is a security service for Windows users that, once activated, automatically searches for and installs updates. Continue Reading
Tip 01 Apr 2022

Why and how to create Azure service principals

Service principals let cloud admins control access to Azure resources. Follow this step-by-step example to get started. Continue Reading
Definition 31 Mar 2022

authentication server

An authentication server is an application that facilitates the authentication of an entity that attempts to access a network. Continue Reading
Tip 29 Mar 2022

Deploy an information barrier policy for Microsoft Teams

Mistakes happen, but can be costly when they involve compliance. Office 365 information barriers can prevent inadvertent sharing to protect the organization's sensitive data. Continue Reading
Tutorial 01 Mar 2022

Learn to adjust the AdminCount attribute in protected accounts

It's critical to know how to change the settings for protected accounts and groups in Active Directory to avoid serious problems. PowerShell can make quick edits to keep order. Continue Reading
Definition 25 Feb 2022

passphrase

A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Continue Reading
Tutorial 17 Feb 2022

Build your knowledge of Azure AD conditional access policies

The rapid pace of change in the modern workplace requires new methods to control who has access to what. This Azure Active Directory feature can help IT meet those security goals. Continue Reading
Definition 23 Dec 2021

domain controller

A domain controller is a type of server that processes requests for authentication from users within a computer domain. Continue Reading
Tutorial 20 Dec 2021

How to perform Azure AD bulk operations with PowerShell

Microsoft offers multiple ways to manage users and groups in Azure Active Directory. PowerShell is one option, but it requires knowing which module to use to handle coverage gaps. Continue Reading
Tutorial 10 Dec 2021

Microsoft Teams lifecycle management with PowerShell and Graph

A rushed Microsoft Teams deployment could lead to unintended gaps in security and governance. Here's how to use PowerShell and the Microsoft Graph to regain control. Continue Reading
Tip 06 Dec 2021

Why you should plan to upgrade to Azure AD Connect v2 soon

Administrators who rely on an Azure AD Connect v1 version for hybrid identity with Office 365 should prepare for the impending retirement of several technologies in the utility. Continue Reading
Tutorial 21 Sep 2021

Working with the Microsoft Defender for Identity portal

The security product, formerly Azure Advanced Threat Protection, taps into the cloud to uncover suspicious activity across the on-premises network. Continue Reading
Tip 24 Aug 2021

Boost security with Office 365 privileged access management

Understand how to thwart cyber attacks on privileged user accounts on Microsoft's collaboration platform to avoid becoming that next security breach statistic. Continue Reading
Definition 30 Jul 2021

Active Directory Domain Services (AD DS)

Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database. Continue Reading
Tip 22 Jun 2021

Get a grasp on using group managed service accounts

When you create a group managed service account, it relieves some administrative duties and bolsters the security related to passwords for services in a Windows environment. Continue Reading
Definition 07 Jun 2021

active directory

Active Directory (AD) is Microsoft's proprietary directory service. Continue Reading
Tip 13 Apr 2021

Azure MFA NPS extension boosts authentication capabilities

With help from the Network Policy Server extension, organizations can expand their on-premises authentication features by tapping into Microsoft's cloud. Continue Reading
Tip 26 Mar 2021

Stay in control with Azure AD Privileged Identity Management

Rampant use of elevated privileges can prove hazardous to enterprises. Rein in access and manage resource access with help from this Azure Active Directory feature. Continue Reading
Tutorial 26 Feb 2021

Learn to use a PowerShell call function from another script

Don't use the same lines of code in several places in your scripts. Learn how to use functions and reap the benefits of a more streamlined approach. Continue Reading
Tip 22 Dec 2020

Azure AD Premium P1 vs. P2: Which is right for you?

Azure Active Directory is more than just Active Directory in the cloud. See how the premium editions of the directory service stack up to find the best fit for your organization. Continue Reading
Tip 17 Nov 2020

Explore the benefits of Azure AD vs. on-prem AD

A move to Office 365 doesn't require cutting the cord from on-premises Active Directory, but it is an option. Here's what you need to know when comparing Azure AD vs. on-prem AD. Continue Reading
Feature 31 Aug 2020

Securing Active Directory also involves good backup practices

The 'Active Directory Administration Cookbook' covers what admins can do in advance to bring the identity and access management platform back online after an attack. Continue Reading
Tip 07 Aug 2020

Techniques to troubleshoot Active Directory issues

Active Directory runs several key operational duties, such as validating access to resources. Keep the system from breaking down with help from these diagnostic methods. Continue Reading
Tip 08 Jul 2020

Active Directory replication troubleshooting tips and tools

When replication between domain controllers breaks down, just about everything else will grind to a halt. These utilities can help pinpoint the Active Directory issues. Continue Reading
Tutorial 04 May 2020

Find and lock down lax Windows share permissions

With help from PowerShell, you can identify the shares that need adjustments across your infrastructure then use a script to fix them to protect sensitive data. Continue Reading
Opinion 27 Apr 2020

Remote access is just one of many COVID-19 IT challenges

The coronavirus outbreak stretched many in IT to the limit of their abilities to find ways to accommodate the surge in remote workers. Continue Reading
Tip 08 Apr 2020

Active Directory nesting groups strategy and implementation

Does your current Active Directory permissions setup spark joy? If not, then it's time to unscramble that confusing design into something that's easier to use and maintain. Continue Reading
Tip 19 Feb 2020

How to fortify your virtualized Active Directory design

It takes a little work to fine-tune your Active Directory deployment, but the benefits will result in little to no service interruptions to your users if an outage occurs. Continue Reading
Tip 27 Jan 2020

Using Azure AD conditional access for tighter security

The cloud-based identity and access management service does not come with certain defensive features turned on by default, which administrators should rectify. Continue Reading
Feature 23 Dec 2019

PowerShell tutorials capture attention of admins in 2019

Interest in automation continues to trend upward for administrators of Windows systems, particularly when it involves PowerShell. Continue Reading
Tutorial 17 Dec 2019

Get back on the mend with Active Directory recovery methods

Administrators should have a few of these data protection techniques up their sleeves to keep Active Directory from a total breakdown. Continue Reading
Tutorial 27 Sep 2019

Implement automated employee onboarding with PowerShell

Your time is precious and you shouldn't waste it by clicking through menus to set up a new user. Look at these code examples to put together your own provisioning script. Continue Reading
Tip 25 Sep 2019

How to rebuild the SYSVOL tree using DFSR

Active Directory is the key component in many organizations to keep tabs on access and identity. If the SYSVOL directory disappears, these steps can get the system fixed. Continue Reading
Tip 19 Jul 2019

Construct a solid Active Directory password policy

Most user authentication still relies on a strong password to keep attackers at bay. Here's how to keep your guard up without adding to your administrative workload. Continue Reading
Tip 24 Jun 2019

How to locate privileged accounts in Active Directory

IT administrators must be able to identify privileged accounts in Active Directory for a more secure enterprise; two methods can make the task easier. Continue Reading
Tutorial 26 Feb 2019

Set up users with key PowerShell Active Directory commands

User management in Active Directory doesn't have to fill you with click-induced anxiety. Try these PowerShell tips for a more efficient way to get this work done. Continue Reading
News 12 Feb 2019

Microsoft zero-day vulnerability closed on Patch Tuesday

Administrators should prioritize patching systems affected by a zero-day vulnerability resolved by the February Patch Tuesday updates. Continue Reading
Answer 12 Feb 2019

What key SDN features are in Windows Server 2019?

Microsoft SDN capabilities got a boost in Windows Server 2019 to wrap more security around VMs and make networking tasks less painful to execute. Continue Reading
Tutorial 25 Jan 2019

How to configure SSL on IIS with PowerShell

SSL encryption is a necessary component when building an IIS website that communicates with the outside world. Use this PowerShell tutorial to streamline the deployment process. Continue Reading
Answer 15 Jan 2019

How does Azure Update Management handle integration?

Azure Update Management works with other Microsoft administrative tools to give IT pros a more complete offering to patch operating systems. Continue Reading
Tip 14 Jan 2019

How to set up and enforce Azure multifactor authentication

Azure Active Directory offers multifactor authentication to further secure login credentials. Get started with these instructions to set up this Microsoft cloud service. Continue Reading
News 08 Jan 2019

Light January Patch Tuesday follows IE out-of-band security update

Administrators should prioritize an out-of-band patch that addresses an Internet Explorer zero-day before tackling the 47 vulnerabilities corrected by the January Patch Tuesday fixes. Continue Reading
Tip 30 Nov 2018

Stay in control with these Active Directory basics

Administrators have an ever-increasing number of resources to handle and permissions to track, but they can cut this seemingly impossible task down to size with Active Directory. Continue Reading
Tip 16 Nov 2018

Understanding what Azure AD federation really means

A company that adopts SaaS apps to get work done can ease the transition by implementing a single sign-on method. Learn how to set up this arrangement in a secure manner. Continue Reading
Quiz 17 Oct 2018

Can this Active Directory quiz stump you?

How much do you know about Active Directory? Find out with this Active Directory quiz on the service's basics, structure and capabilities. Continue Reading
Tutorial 10 Oct 2018

How to manage Active Directory groups with 7 PowerShell commands

Managing users, devices and other resources with Active Directory doesn't always require a GUI tool. Try PowerShell to streamline some of your administrative workload. Continue Reading
Answer 06 Sep 2018

How does AD DS differ from Microsoft Azure Active Directory?

On-premises Active Directory or Azure AD? It doesn't have to be an either/or situation, as more cloud services are making their way into traditional data center environments. Continue Reading
Answer 21 Aug 2018

Understand Active Directory basics for enterprise success

You can't get the most out of a tool unless you understand its features. This tip explains the basics of Active Directory and how it controls access and maintains order. Continue Reading
Tip 13 Jun 2018

Organize Active Directory with these strategies

Administrators tasked with cleaning up the Active Directory user group structure need not search any further. Use these tips to avoid Active Directory maintenance headaches. Continue Reading
Opinion 25 May 2018

Breaking down the Exchange Online vs. on-premises choice

The continuous feature release model of Exchange Online might be a boon for some, but others might consider the need for constant training to be a detriment. Continue Reading
Tip 22 Jun 2017

Debug an Active Directory domain join failure on Windows Server

The domain join process typically works without issue. But when a device can't connect to Active Directory, the administrator must seek the culprit from the usual suspects. Continue Reading
Definition 10 Jan 2017

Microsoft Online Services Sign-In Assistant

The Microsoft Online Services Sign-In Assistant is a software application that provides common sign-on capabilities for a suite of Microsoft online services, such as Office 365. Continue Reading
Conference Coverage 25 Aug 2016

Microsoft Ignite 2016 conference coverage

Find all the independent reporting and analysis from the Microsoft Ignite conference 2016 in one place. Continue Reading
Feature 11 May 2016

Crunching the costs of Microsoft Exchange on-premises vs. cloud services

Security concerns are less of an issue for most organizations, but do the costs of using Exchange on premises vs. the Office 365 mail service stack up? Continue Reading
Tip 05 May 2016

Start using the PowerShell pipeline with this example

An administrator can create functions to support the PowerShell pipeline, which improves upon text-based shells by allowing the scripter to pass objects across the pipe. Continue Reading
Tip 24 Mar 2016

PowerShell script examples and reference guide for admins

Microsoft unveiled PowerShell in 2006, but many Windows administrators are still unaware of the tremendous amount of resources available to help automate numerous tasks. Continue Reading
Tip 16 Mar 2016

Use the admin center for some Office 365 administration

Administrators can choose the admin center or PowerShell for Office 365 management -- the best option depends on the circumstances. Continue Reading
Tip 04 Feb 2016

Six alternative Hyper-V management tools

There are a number of third-party Hyper-V management tools available for organizations that need to handle a few dozen nodes. Continue Reading
Answer 17 Dec 2015

What are my options for Azure ExpressRoute connections?

For companies that need a private connection and full access to different Azure regions, Microsoft offers a premium version of Azure ExpressRoute. Continue Reading
Answer 23 Nov 2015

How can I share Outlook calendars from the EMC?

Is there a way to gain access to multiple users' calendars from the Exchange Management Console in Exchange 2010? Continue Reading
Feature 30 Oct 2015

Office 365 issues that torment email admins

Tricky Office 365 problems are no treat to the IT admin. Fix the nuisances that corrupt your email with these troubleshooting treats. Continue Reading
Tip 01 Jun 2015

A Windows Server 2016 Group Policy walkthrough

Administrators who work with Group Policy will appreciate that the structure hasn't changed in Windows Server 2016, but there are new policies unique to the release worth noting. Continue Reading
Tip 20 Feb 2012

Using Microsoft PerfView to profile process performance data

Microsoft made its internal performance monitoring tool available to the public. Here's how it offers an advanced peek at application processes. Continue Reading
Feature 07 Feb 2012

Microsoft Exchange Online explained

With all the chatter around hosted services these days, it pays to know about Exchange Online. Get a handle on its benefits and drawbacks. Continue Reading
Tip 01 Nov 2011

Best Practices for Active Directory forest trusts

The more domains you manage, the more you rely on forest trusts. Follow these tips to manage your AD infrastructure – and maintain your sanity. Continue Reading
Tip 28 Sep 2011

Exchange 2010 auditing tools to track admin, end-user behavior

Compliance rules make tracking admin and email users a necessary evil. Thankfully, audit logging tools in Exchange 2010 can help. Continue Reading
News 14 Jun 2010

Microsoft works to extend identity management to the cloud

A major theme at Microsoft TechEd 2010 was the company's goal to extend familiar identity management capabilities to cloud computing environments. Continue Reading
Feature 24 Feb 2009

Quest Authentication Services

Quest Authentication Services allows organizations to extend Active Directory (AD) to Unix, Linux and Mac platforms and enterprise applications. It enables the unification of identities and directories for simplified identity and access management. Continue Reading
Tip 05 Feb 2009

How to revoke and delete Active Directory user certificates

In this Ask the Expert Q&A, our identity and access management expert examines how to set up Active Directory autoenrollment feature to revoke and delete user certificates on the Certificate Authority (CA) automatically. Continue Reading