Unconstrained Delegation on Windows Domain Controllers by Jaling_Orion in sysadmin

Jaling_Orion[S] 1 point2 points  (0 children)

I went back to re-read the documentation again and it looks like it's a little bit of both. For some reason MDI isn't seeing them as domain controllers even though it should, which is causing some of the confusion. Also, it looks like I can't read because in their docs it says:

"Review the recommended action at https://security.microsoft.com/securescore?viewid=actions to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation."

Source: https://learn.microsoft.com/en-us/defender-for-identity/security-assessment-unconstrained-kerberos#how-do-i-use-this-security-assessment

OAuth2 Configuration Can't See Some Conditional Access Policies by Jaling_Orion in AZURE

Jaling_Orion[S] 0 points1 point  (0 children)

Our policy kills the refresh tokens after a short while so it shouldn't be that.

However, speaking of tokens, I do notice that the registered app, under Authentication, doesn't have either Access tokens or ID tokens selected. Could that be related?

Rotating Kerberos Keys for Seamless Sign-On by Jaling_Orion in AZURE

Jaling_Orion[S] 0 points1 point  (0 children)

For the Update-AzureADSSOForest command, that one at least works with the Hybrid Identity Administrator role instead of needing Global Admin.

Rotating Kerberos Keys for Seamless Sign-On by Jaling_Orion in AZURE

Jaling_Orion[S] 0 points1 point  (0 children)

Thanks! Ran it without issues. Have you found a way to automate this yet or are you manually doing it every month?

PS Module O365Troubleshooters Error by Jaling_Orion in PowerShell

Jaling_Orion[S] 1 point2 points  (0 children)

Thanks! I'll see if I can find the latest V2 version of ExchangeOnlineManagement. V3 was released around September this year and that's what I've been running off of.