Core Infrastructure and Security Blog

Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Options
533
BrandonWilson on Jul 13 2024 11:18 AM
2,154
BrandonWilson on Jul 10 2024 07:59 PM
1,242
absharan on Jul 08 2024 08:54 PM
2,061
WillAftring on Jul 01 2024 05:53 AM
25.3K
Naj Shahid on Jun 27 2024 01:25 PM
2,238
Heinrich_Gantenbein on Jun 24 2024 09:00 AM
3,191
wernerrall on Jun 17 2024 12:00 AM
2,452
wernerrall on Jun 10 2024 12:00 AM
6,069
BrandonWilson on Jun 01 2024 02:19 PM
3,472
Chad Cox on May 30 2024 09:00 AM
5,319
GregorWohlfarter on May 29 2024 04:23 AM
5,173
BrandonWilson on May 27 2024 09:16 PM
2,575
wernerrall on May 20 2024 01:19 AM
3,211
Arnab Mitra on May 17 2024 07:27 AM
128K
Erin Chapple (BOURKE-DUNPHY) on May 14 2024 03:47 PM
3,150
Heinrich_Gantenbein on May 01 2024 08:47 AM
3,607
fbinotto on Apr 28 2024 11:45 PM
2,574
HoussemDellai on Apr 22 2024 09:00 AM
18.3K
JerryDevore on Apr 15 2024 03:01 PM
5,769
WillAftring on Apr 08 2024 06:41 AM
7,859
BrandonWilson on Apr 06 2024 07:24 PM
2,936
PavelYurenev on Apr 04 2024 09:00 AM
6,832
hspinto on Apr 01 2024 12:00 AM
3,678
khgandhi on Mar 28 2024 09:46 AM
3,201
Bruno Gabrielli on Mar 21 2024 01:00 AM
19.1K
Paul Bergson on Mar 19 2024 04:30 AM
5,942
fbinotto on Mar 14 2024 01:30 AM
6,436
PaulHarrison on Mar 11 2024 03:00 AM
4,730
sairashaik on Mar 06 2024 06:01 PM
20.8K
JerryDevore on Mar 04 2024 06:38 AM

Latest Comments

Hi together, just a small update on my further tests, as soon as you have set up a BI-directional trust between the bastion and the resource forest and additionally granted the users the "allow2authenticate" right on the computer objects in the target forest (also necessary if forest-wide authentica...
0 Likes
in Protecting Tier 0 the Modern Way on Jul 12 2024 12:30 AM
HI @henrymoehsel , Kerberos Authentication Policies do not work cross forest logon. This means you can't get a TGT if you logon to a computer joined to a foreign forest. But you can access to computer in the foreign forest with any connection who doesn't request an interactive logon. e.g. WinRM or P...
1 Likes
Hi @Simone_Oor,for these permissions and applications, where the usage of Shadow Principals is possible, I use SPs. That's the most Hello @Simone_Oor,I use SPs for these authorizations and applications where the usage of shadow principals is possible. In the target scenario, the corresponding SPs ar...
0 Likes
in Protecting Tier 0 the Modern Way on Jul 11 2024 12:49 AM
@henrymoehsel Do you use ESAE users into resource domain Domain Local Group nesting, or do you work with Shadow Principals ? (I have a bastion forest set up that may allow me some testing next week)
1 Likes
Hi - Thank you for all the information in this article. I have a strange behavior that I can't explain. I have adjusted the attribute on computer objects from 31 to 28 to remove DES support. On one computer object, the attribute is automatically changed back from 28 to 31. There is no GPO set and no...
0 Likes