There is an excellent blogpost about federated to Microsoft Cloud accounts lockouts data collection, analysis and mitigation. The article above provides links to the scripts collecting event logs data for Windows Server 2008 R2, 2012 and 2012 R2. But in Windows Server 2016 there were audit enhancements made in AD FS 2016 auditing to make … Continue reading PowerShell script to collect AD FS 2016 bad password sign in attempts data
Month: March 2018
Recently was troubleshooting the issue when no email is sent to the new MFA server users regardless all the configurations seems to be correct. See following official documentation for more details. Because Administrator was able to send the Update email to the end user, we excluded the improper SMTP server configuration. Per MFA server Help … Continue reading Azure Multi-Factor Authentication Server not sending emails out for new users
This post contains info about the device registration flow, troubleshooting tips and constantly updated list of errors and their potential solutions.
You might already have checked for the EventID 105 error solution in my previous post. This time the issue was similar, followed the official instructions - https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-adfs-w2k12 and when restarting the AD FS service we got the EventID 105. Looking at the ADFS Debug logs see new error: Log Name: AD FS Tracing/Debug Source: AD FS … Continue reading Azure Multi-Factor Authentication Server with ADFS – EventID 105 troubleshooting. Part 2
In a raise of popularity of crypto mining there is a shift in the threat landscape. Attackers “are beginning to recognize that they can realize all the financial upside of previous attacks, like ransomware, without needing to actually engage the victim and without the extraneous law enforcement attention that comes with ransomware attacks,” Talos researchers … Continue reading Discover and protect from crypto miners in your network using pfSense firewall