The regular roll over of the Kerberos decryption key is crucial to ensure the security and integrity of seamless Single Sign-On (SSO) in hybrid IT environments. Microsoft recommends rolling over this key every 30 days to close potential security gaps and ensure smooth integration between on-premises Active Directory and Microsoft Entra ID. This process can be automated to minimize administrative effort and ensure continuous security.
Tag: Directory Page 2 of 4
Are you looking for information about Active Directory? In this archive you will find all our posts about Active Directory.
A device-bound passkey is an advanced security feature implemented in Microsoft Authenticator. It is a unique security key that is tied to a specific device. When a user logs in to their account, they use this key to verify their identity. Since the key is bound to the device, no one else can access the user’s account, even if they know the password, unless they also have access to the device.
A Temporary Access Pass (TAP) is a time-limited passcode that can be configured for single or multiple use. The Temporary Access Pass (TAP) allows the user to securely sign in to the Microsoft Cloud within a defined time period to set up additional authentication methods. These secure authentication methods include passwordless methods such as FIDO2 security keys or the Microsoft Authenticator App. The limited time period for access authorisations makes the Temporary Access Pass (TAP) an indispensable tool for security guidelines and compliance requirements.
Microsoft offers with Azure AD B2B Direct Connect for shared channels in Microsoft Teams a feature that simplifies management for collaboration with external partners in teams.
Until the release of Azure AD B2B Direct Connect, an external partner was invited to the tenant as a guest and authorized in Microsoft Teams (Azure AD B2B Collaboration). The external partner then received an email with instructions for further steps.
When looking in to the own Azure Active Directory everyone notes: each external user gets a guest account in our own Azure Active Directory. Whether the guest account is still in use or not, it will always remain in Azure Active Directory until it is manually deleted.