Tag: Security

when Azure subscriptions make sense

I wanted to write this post on when to decide on a new subscription or not.. but then it turned to security – which – as many of you know is close to me as well.. so while the beginning of this post is about “when to choose a new Azure subscription” the conclusion is: […]

Read more

Windows Virtual Desktop – Require MFA – icw Duo Security

MFA for WVD, doesn’t that already exist through Azure AD conditional access? Yes, it does, but its limited to certain scenario’s. With the Azure AD MFA WVD access, you only need to MFA once in order to access any desktop published through WVD. Which got me thinking: what if I want to request an MFA […]

Read more

Privately moving data to Azure Storage

Azure Storage is awesome it’s a durable, highly available, massively scalable cloud storage solution with public endpoints. But what if you don’t want public endpoints. What if you want a private endpoint only? A customer asked me, how can I copy data using Azure Data Factory over my ExpressRoute link to my Azure Storage account […]

Read more

Pass the Hash

When you create a new forest or new domain, you use the Domain Admin credentials. Through the use of the “Administrator” account you can control each and every workstation and server. You can install Exchange, System Center products and much much more. But Microsoft is probably thinking twice now about the framework they have chosen wherein the Administrator is master of your infrastructure.

As the Administrator account is so powerful, it’s a sweet spot for hackers, the target to get. And that’s probably why many people rename the administrator account to Guest (and vice versa) or something else. Many others keep the Administrator name but change the password to a very long one including special characters, but even that seems futile, by the discovery of an advanced hacking technique called Pass The Hash.

Read more