Directory
Are you looking for information about Active Directory? In this archive you will find all our posts about Active Directory.
-
Windows Hello for Business: Enhanced Security with Multi-Factor Unlock
Passwords alone no longer provide sufficient protection against data loss and unauthorized access. This is where Windows Hello for Business comes into play. This modern authentication method from Microsoft enables companies to authenticate their employees more securely using biometric data such as facial recognition or fingerprints, along with additional unlock factors like PIN codes or trusted signals. Furthermore, Windows Hello for Business supports multi-factor unlock, combining several authentication factors to make device access even more secure. This multi-factor unlock offers a significant security advantage by integrating multiple layers of protection, thereby significantly reducing the risk of security breaches.
-
Kerberos Cloud Trust and Windows Hello for Business: Secure and Seamless Authentication in Hybrid Environments
Kerberos Cloud Trust is a hybrid authentication protocol developed by Microsoft to enable secure and passwordless sign-ins. Kerberos Cloud Trust combines the strengths of Kerberos and Windows Hello for Business to offer a modern, secure, and user-friendly authentication solution. It is particularly useful in hybrid environments where both cloud and on-premises resources are utilized. Users authenticate securely and seamlessly both locally and in the cloud.
-
Microsoft Entra ID: Automatically Roll Over Kerberos Decryption Key
The regular roll over of the Kerberos decryption key is crucial to ensure the security and integrity of seamless Single Sign-On (SSO) in hybrid IT environments. Microsoft recommends rolling over this key every 30 days to close potential security gaps and ensure smooth integration between on-premises Active Directory and Microsoft Entra ID. This process can be automated to minimize administrative effort and ensure continuous security.
-
Securing Identities: Microsoft Authenticator Passkey in Microsoft Entra
A device-bound passkey is a FIDO2-based, phishing-resistant authentication credential where the device generates the private key and stores it securely. Microsoft Entra supports the use of a Microsoft Authenticator passkey. During sign-in, no password is transmitted. Instead, the Authenticator responds to a cryptographic challenge. The private key never leaves the device.
-
Temporary Access Pass in Microsoft Entra: Configuration and Usage
A Temporary Access Pass (TAP) is a time-limited passcode that can be configured for single or multiple use. The Temporary Access Pass (TAP) allows the user to securely sign in to the Microsoft Cloud within a defined time period to set up additional authentication methods. These secure authentication methods include passwordless methods such as FIDO2 security keys or the Microsoft Authenticator App. The limited time period for access authorisations makes the Temporary Access Pass (TAP) an indispensable tool for security guidelines and compliance requirements.