I learned AD about 8 years ago. I work at a place that uses Entra/Azure AD now. Thank you for this. Security is always top of mind for our crew here. I shared this to our entire team.
I have been working with Active Directory for 20 years. I think it has been evolving nicely with every new release of Windows Server (WS). From WS 2003 significant improvements in Group Policy management over user and computer configurations within the network and also forest trust. Then WS 2008 introduced role-based authentication, providing administrators with more granular control over the assignments of rights and permissions and fine-grained password policies. Then WS 2012 with Dynamic Access Control, Recycle bin and Virtualization support. Then WS 2016 Privileged Access Management and Shielded Virtual machines. To WS 2019 Authentication Policy Silos, Enhanced Time Accuracy and Integration with Azure Active Directory. Havent played around with WS 2022 yet though.
Great post thanks and absolutely I totally agree with you. These are some awesome features. However, you’ll notice that it still does not address fundamental issues regarding passwords. I do believe however the window server 2025 is going to rewrite active directory for the first time, removing its dependency on NTLM at last, so this is definitely worth looking forward to. Thanks again for the great response 👍
Reach out if you want to have a deeper discussion more than happy to dive in a bit with you around some of these concepts and better security options and processes!
This is a great video and I really enjoyed learning about Specops. Your point that 90% of businesses still run AD is spot on. My team is seeing a ton of AD security and hardening projects. Despite Microsoft's marketing, companies will remain hybrid longer than anyone expects. AD is the equivalent of the mainframe in the 90s. I wonder if we will have to recruit AD admins from retirement homes in 10 years 😀. Keep up the great work!
I mean, yeah, fair point. We should enforce users to harden their passwords and stuff. And so they commit unrememberable passwords, with expiring policies enough for them to write down on a post-it or something, comprimising the password anyway.
Very informative video Andy but I wonder how this SpecOps tools interacts with SSPR in Entra ID. Does it has similar "tips screen" as in Windows client or some other way to inform a user why the password is not accepted?
Great video as always! Since MS is appearing to move away from passwords (see Microsoft Account, or Microsoft 365, for example), I think MS should take a serious look to revamp the password policy and, most importantly, try to get rid of passwords in AD.
Ahh thats a topic Im realy intressted in because Im in a ICT school currently learning how to do active directory. What are other options on a windows server to handle all the users, groups, rules?
I learned AD about 8 years ago. I work at a place that uses Entra/Azure AD now. Thank you for this. Security is always top of mind for our crew here. I shared this to our entire team.
Thanks so much :-)
I have been working with Active Directory for 20 years. I think it has been evolving nicely with every new release of Windows Server (WS). From WS 2003 significant improvements in Group Policy management over user and computer configurations within the network and also forest trust. Then WS 2008 introduced role-based authentication, providing administrators with more granular control over the assignments of rights and permissions and fine-grained password policies. Then WS 2012 with Dynamic Access Control, Recycle bin and Virtualization support. Then WS 2016 Privileged Access Management and Shielded Virtual machines. To WS 2019 Authentication Policy Silos, Enhanced Time Accuracy and Integration with Azure Active Directory. Havent played around with WS 2022 yet though.
Great post thanks and absolutely I totally agree with you. These are some awesome features. However, you’ll notice that it still does not address fundamental issues regarding passwords. I do believe however the window server 2025 is going to rewrite active directory for the first time, removing its dependency on NTLM at last, so this is definitely worth looking forward to. Thanks again for the great response 👍
Reach out if you want to have a deeper discussion more than happy to dive in a bit with you around some of these concepts and better security options and processes!
This is a great video and I really enjoyed learning about Specops. Your point that 90% of businesses still run AD is spot on. My team is seeing a ton of AD security and hardening projects. Despite Microsoft's marketing, companies will remain hybrid longer than anyone expects. AD is the equivalent of the mainframe in the 90s. I wonder if we will have to recruit AD admins from retirement homes in 10 years 😀. Keep up the great work!
Absolutely 100% key skill requirement.
I mean, yeah, fair point. We should enforce users to harden their passwords and stuff. And so they commit unrememberable passwords, with expiring policies enough for them to write down on a post-it or something, comprimising the password anyway.
Very informative video Andy but I wonder how this SpecOps tools interacts with SSPR in Entra ID. Does it has similar "tips screen" as in Windows client or some other way to inform a user why the password is not accepted?
I believe so, yes
Great video as always! Since MS is appearing to move away from passwords (see Microsoft Account, or Microsoft 365, for example), I think MS should take a serious look to revamp the password policy and, most importantly, try to get rid of passwords in AD.
💻⌨📲🔍Thank you Andy, Excellent video presentation
Andy I have been getting the run around from Microsoft Canada trying to get a client verification for ms edu. Any recommendations
No idea I’m sorry.
Ahh thats a topic Im realy intressted in because Im in a ICT school currently learning how to do active directory.
What are other options on a windows server to handle all the users, groups, rules?
Watch the video, all will be revealed :-)
Use the AD administrative console and create a whole domain password policy there
It still has limits. Characters, length etc
You forgot to mention this video includes paid promotion!
Not paid
You forgot to mention this whole video is a promotion. There I fixed it. Thanks for putting out the work but I don't think this serves the community.
@@dennisbuswell Promotion for what?