PKI Blog

What Should a FIM Lab Environment Look Like?

Posted by CSS Technical Team on Jun 17, 2014 6:55:18 AM

This question always brings about a lively discussion during FIM design sessions, as this topic has many different vantage points.

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, Setting up a FIM Lab, FIM production, FIM, Forefront Identity Manager (FIM), Identity Management, FIM Lab Best Practices, SCCM, Blog, what should a fim lab look like, Active Directory (AD), Active Directory, FIM LAB Design, AD, FIM Lab

Federated Identity Access to Windows Azure Service Bus

Posted by Jake Chang on Nov 13, 2013 4:42:02 AM

Identity Federation is all about trusts. As the diagram below shows, all participants within such an identity federation form a cycle of trusts. One can easily extend federated authentication for Windows Azure Service Bus to external user communities with social identities, a Windows Azure Active Directory (WAAD) tenant’s cloud identities, or a business partner’s identities. It also supports federation protocols such as SAML-P, WS-Fed and OpenID.

Topics: Federation, Windows Azure Active Directory, SWT token, Cloud, IT Security, Microsoft Security Partner, Identity Federation, security token service (STS), SAML token, Access Control Service, Windows Azure Service Bus, Windows Azure Active Directory (WAAD), identity, Blog, Microsoft Azure, Azure, Active Directory, AD, Windows Azure, OpenID, WAAD, SAML-P

FIM Self Service Password Reset: Account Enablement

Posted by Sami Van Vliet on Jun 19, 2013 5:52:51 AM

I recently worked on a project where the client had some users who may not be logging into their accounts for 6 months or more, but their corporate policy was to disable accounts that had been dormant for more than 3 months.

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, Microsoft Active Directory, Password reset, Forefront Identity Manager (FIM), Identity Management, Microsoft AD, FIM Password reset, Blog, Self-Service Password Reset, Active Directory, AD

File Server Resource Manager and AD RMS

Posted by Sarah Duncan on Jun 3, 2013 8:06:31 AM

You may have heard of the ability back in Windows Server 2008 R2 to use the File Classification Infrastructure (FCI) feature (part of the File Services role) together with the AD RMS Bulk Protection Tool (a command-line tool) to automatically apply rights protections to documents stored on a file server based on things such as key words in the files. That was a nice feature, but a little clunky to use with the command-line AD RMS Bulk Protection Tool. The good news is that the AD RMS integration has now been incorporated into the File Server Resource Manager on Windows Server 2012, eliminating the need for the AD RMS Bulk Protection Tool in this context. The AD RMS Bulk Protection Tool can also be used outside of FCI whenever you need to bulk encrypt or decrypt a batch of files.

Topics: Active Directory Rights Management Services, IT Security, Microsoft Security Partner, Microsoft Active Directory, Data Protection, FCI, RMS, command line tool, AD RMS Bulk Protection Tool, Blog, Active Directory, File Server Resource Manager, AD, AD RMS, File Classification Infrastructure (FCI)

FIM: Set Membership Based on Group Membership

Posted by Sami Van Vliet on Jan 8, 2013 5:23:21 AM

Sets and groups are different object types in FIM, but often people would like to have sets based on group membership. We figured out a way to do that with some custom attributes.

Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, FIM, FIM Sets, FIM Groups, Identity Management, Microsoft AD, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Group Set, Blog, Active Directory, AD

Microsoft Windows Azure Active Directory

Posted by Jake Chang on Oct 30, 2012 7:13:15 AM

Microsoft Windows Azure Active Directory opens opportunities for people and organizations to use applications anywhere, based on ubiquitous cloud connectivity, open standard protocols such as OAuth, SAML-P and WS-Federation, and the REST API paradigm.

Topics: IT Security, Microsoft Windows Azure Active Directory, Microsoft Security Partner, Microsoft Azure, Identity Management, Microsoft AD, Blog, Active Directory, AD, Windows Azure, SAML-P

ADFS with Non-Standard HTTPS Port

Posted by Jake Chang on Jun 6, 2012 6:46:35 AM

Recently, CSS was requested by a client to implement an AD FS 2.0 (ADFS) federation solution to meet a very unique security requirement associated with scenarios of external access to internally hosted services.

Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, HTTPS Port, AD FS 2.0 Federation Server Proxy, ADFS, AD FS 2.0, Blog, Active Directory, AD

Shocked by an Android

Posted by Sarah Duncan on May 23, 2012 8:08:50 AM

Stunned is the word for it. There I was getting to know my new Samsung Galaxy Tab 2, a tablet running Android 4.0 (Ice Cream Sandwich). I configured the built-in Exchange ActiveSync client (using certificate-based authentication, but that's a discussion for another day) and was browsing around the interface when I spotted an oddly familiar-looking icon. "Hmmm," I said, "I wonder what that button does."

Topics: Active Directory Rights Management Services, Microsoft Active Directory AD, Android Ice Cream Sandwich, IT Security, Industry Trends, Microsoft Active Directory, Samsung Galaxy Tab 2, Data Protection, Ice Cream Sandwich, RMS, Rights Management System, Android 4.0, Android, Blog, AD, AD RMS

The Major Challenge in AD RMS Implementations

Posted by Sarah Duncan on Feb 27, 2012 8:00:25 PM

The major challenge in an AD RMS implementation is not getting the infrastructure up and running or getting the client settings, files and application deployed to all users. It's not making RMS available through your firewall or getting it working with your SharePoint server. No, the major challenge is getting your users to actually use RMS to protect e-mail messages and documents. It's very simple for your users to apply RMS protections to an e-mail or document--it's just a couple clicks--but it's hard to train them to remember to take that extra step. Luckily, there are solutions available to help you automate protections, so you're not entirely relying on your users to take that extra step.

Topics: Active Directory Rights Management Services, IT Security, Microsoft Security Partner, Data Protection, RMS, Rights Management System, Blog, Microsoft SharePoint 2010, Microsoft Exchange 2010, Active Directory, AD, AD RMS

Apple Products Becoming (Business) Mainstream

Posted by CSS Marketing on Feb 9, 2012 4:00:13 AM

The popularity of Apple’s iPads and iPhones among consumers is well documented, but recent findings from Forrester Research show that these devices are gaining steam in the corporate world.

The “Consumerization of IT” or BYOD (Bring Your Own Device) has become a common occurrence among all departments, and not surprisingly, Apple is leading the way among what Forrester calls “information” workers — workers that use a computer for work an hour or more per day. And the more senior the individual, the more they are using Apple devices:

  • More than 1 out of 5 (21%) of 10,000 surveyed Information workers use one or more Apple devices at work
  • The number of Apple BYOD-ers doubles to 2 out of 5 professionals (41%) for those with the title “Director of IT” or higher

Topics: digital certificate, Microsoft Active Directory AD, certificates, apple, iOS 5, iPhone, IT Security, Microsoft Security Partner, digital pki, Certificate Reporting Tool, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, mCMS, Microsoft Public Key Infrastructure, Active Directory Certificate Services, iPad, PKI, Microsoft PKI, iOS management certificates, Microsoft and Apple, iOS, Blog, Active Directory, mobile certificates, BYOD, AD, Got PKI?
