Core Infrastructure and Security Blog
Copied!
Home
Options
271
AMARSIGLIA on 11-01-2019 03:02 PM
264
AMARSIGLIA on 11-01-2019 03:02 PM
170
AMARSIGLIA on 11-01-2019 03:01 PM
158
AMARSIGLIA on 11-01-2019 02:59 PM
172
AMARSIGLIA on 11-01-2019 02:57 PM
147
AMARSIGLIA on 11-01-2019 02:56 PM
150
AMARSIGLIA on 11-01-2019 02:54 PM
142
AMARSIGLIA on 11-01-2019 02:54 PM
140
ktackett on 11-01-2019 02:53 PM
141
ktackett on 11-01-2019 02:51 PM
145
ktackett on 11-01-2019 02:49 PM
143
ktackett on 11-01-2019 02:47 PM
138
ktackett on 11-01-2019 02:44 PM
138
AMARSIGLIA on 11-01-2019 02:41 PM
142
AMARSIGLIA on 11-01-2019 02:38 PM
146
AMARSIGLIA on 11-01-2019 02:38 PM
142
AMARSIGLIA on 11-01-2019 02:37 PM
143
AMARSIGLIA on 11-01-2019 02:36 PM
139
AMARSIGLIA on 11-01-2019 02:36 PM
138
AMARSIGLIA on 11-01-2019 02:35 PM
138
AMARSIGLIA on 11-01-2019 02:34 PM
115
AMARSIGLIA on 11-01-2019 02:32 PM
82
AMARSIGLIA on 11-01-2019 02:32 PM
58
AMARSIGLIA on 11-01-2019 02:31 PM
47
AMARSIGLIA on 11-01-2019 02:30 PM
28
AMARSIGLIA on 11-01-2019 02:30 PM
30
AMARSIGLIA on 11-01-2019 02:30 PM
28
AMARSIGLIA on 11-01-2019 02:30 PM
27
ktackett on 11-01-2019 02:30 PM
26
AMARSIGLIA on 11-01-2019 02:24 PM
Latest Comments
@Paul Bergson; Great Article, my organization has moved to using InTune for BitLocker management and reporting, and it works spectacularly well. However, one thing your article leaves out that we had to learn the hard way: As a Hybrid-Join tenant, BitLocker will only escrow the BitLocker key to AD O...
0 Likes
@Alan La Pietra @ChadWst Thank you for all the additional information and links.Just flagging up that I've tried changing the Domain controller: LDAP server signing requirements setting in the DDCP from None to Required and this changed the ldapserverintegrity registry entry from 1 to 2 (below HKLM\...
0 Likes
Adding some other information Important to point out: LDAP over TLS/SSL communication are already signed as TLS would detect any modification of the payload as it can't be decrypted. The behavior for LDAP simple binds and LDAP simple binds through SSL are as follows: LDAP simple binds are rejected I...
0 Likes
@Alan La Pietra -- Another follow-up to your response. Up til this point I have considered LDAP signing and LDAP CBT mutually exclusive. Is this accurate? For example, could we disable LDAP signing=REQUIRED and move forward with CBT = 1? These changes dont have to be done together right?
0 Likes
Most Enterprise Architecture doesnt even know half of these stuffs, and yet they often agreed to onboard SaaS based applications and let the BAU guys to figure things out.Excellent post!
0 Likes