Freshly brewed with Microsoft Azure and Microsoft 365

Tag: PowerShell

Are you looking for information about PowerShell in Microsoft Azure and Microsoft 365? In this archive you will find all our posts about PowerShell.

Azure AD: Roll over Kerberos decryption key

Users can use the same credentials for on-premises and cloud-based services with Seamless SSO. There is no need for recurring prompts to enter credentials between services. The necessary data are automatically synced between Active Directory and Azure Active Directory.

When configuring Seamless SSO, the computer account “AZUREADSSOACC” is created. For security reasons, the Kerberos encryption key for this account should be rolled over every 30 days.

This tutorial describes how to manually roll over the Kerberos decryption key every 30 days.

Multi-factor authentication method analysis

For a security audit, it is necessary to check which multi-factor authentication method is enabled for each individual user in the Microsoft tenant.

The guide can also be used to make users aware of a multi-factor authentication method that may be more convenient for them than they currently have enabled.

The following are possible multi-factor authentication methods.:

  • Mobile App (Microsoft Authenticator)
  • Text message
  • Phone call

Azure AD Connect: Enforcing TLS 1.2

Azure AD Connect no longer supports the following protocols because they are considered insecure.

  • TLS 1.0
  • TLS 1.1

the following services may be affected by the deactivation of the protocols:

  • Azure AD Connect
  • Azure AD-PowerShell
  • Passthrough Authentication Agents (PTA)
  • Applications with Azure AD integration

With TLS 1.2, Azure AD Connect remains executable.

Page 2 of 2

Powered by WordPress & Theme by Anders Norén