ADFS – Extranet Smart Lockout (ESL)

Since June 2018, There is this new feature for your AD FS 2016 infrastructure called Extranet Smart Lockout (ESL). The feature is similar to the one present in the Azure cloud called Azure AD Smart Lockout. The feature let you differentiate between sign-in attempts that look like they’re from the valid user and sign-ins from what may be an attacker. As a result, AD FS can lock out attackers while letting valid users continue to use their accounts. This prevents denial-of-service on the user and protects against targeted attacks. This feature only […]

Read More →

AAD – Smart Lockout (SL)

Azure AD Smart Lockout (SL) is a machine intelligence algorithm create to be able to distinguish between genuine users and attackers. It can recognize sign-in coming from valid users and threat them differently than ones of attackers and other unknown sources. The factors include past sign-in behaviour, user’s devices and browsers. By default, smart lockout locks the account from sign-in attempts for one minute after ten failed attempts. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts. The lockout threshold […]

Read More →

Azure AD Connect – How to extend your Active Directory Domain to Azure AD ? Part 3 | Federation

What is exactly a federated solution ? It enables applications to redirect to Azure AD for user authentication instead of prompting for its own password. Federated single sign-on is supported for applications that support protocols such as SAML 2.0, WS-Federation, or OpenID Connect, and is the richest mode of single sign-on. It implements an authentication mechanism that can use federated identity. It separates user authentication from the application code, and delegate authentication to a trusted identity provider. This can simplify development and allow users to authenticate using a wider range […]

Read More →

Introduction to Windows Hello

Windows Hello Business With Windows 10 only, Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. Windows Hello addresses the following problems with passwords: Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. Server breaches can expose symmetric network credentials (passwords). Passwords are subject to replay attacks. Users can inadvertently expose their passwords due to phishing attacks. Windows Hello […]

Read More →

Introduction to Seamless SSO

Password Hash Synchronization or pass-through authentification allow users to use same user name and password to log in to cloud applications but this is not a “Seamless” access. Even they are using same user name and password, when log in to Azure workloads it will prompt for password. Azure AD Seamless SSO automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don’t need to type in their passwords to sign in to Azure AD, and usually, even type in their […]

Read More →

Introduction to Azure AD Connect

Azure AD Connect Azure AD Connect is the tool you install on your on-premise server to integrate your on-premises directories with Azure AD. In addition to directory synchronization, Azure AD Connect provides a wizard-driven experience with two modes Express or Customized for configuring your Azure AD authentication settings and other features.   Features Filtering is used when you want to limit which objects are synchronized to Azure AD. By default all users, contacts, groups, and Windows 10 computers are synchronized. You can change the filtering based on domains, OUs, or attributes. Password […]

Read More →

Azure AD Connect – How to connect your Active Directory Domain to Azure AD ? – Part 2 | Pass-through Authentication

Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature provides your users a better experience – one less password to remember, and reduces IT help desk costs because your users are less likely to forget how to sign in. When users sign in using Azure AD, this feature validates users passwords directly against your on-premises Active Directory. The user tries to access an application, for example, Outlook Web App. If the user is not […]

Read More →