Monday, May 27, 2013

[Microsoft Solution Accelerators] Microsoft Assessment and Planning Toolkit 8.5 Beta available

Microsoft Assessment and Planning Toolkit 8.5 Beta is available.

Accelerate your Windows Server 2012 migration with MAP 8.5 Beta!

Accelerate your Windows Server 2012 migration with Microsoft Assessment and Planning (MAP) Toolkit 8.5. This latest version of MAP adds new scenarios to help plan your environment with agility and focus while lowering the cost of delivering IT. Included in MAP 8.5 are hardware and infrastructure readiness assessments to assist you in planning the deployment of Windows 8 and Windows Server 2012, preparing your migration to Windows Azure Virtual Machines, readying your environment for Office 2013 and Office 365, and tracking your usage of Windows Server, Lync, SharePoint, and Exchange.

Key features and benefits of MAP 8.5 Beta help you:
  • Newly designed user interface makes it easier to find and use the right MAP scenario for the task at hand.
  • Usage tracking scenarios for Lync, SharePoint and Exchange have been updated to include the latest versions.
  • Advances in virtual machine discovery offer improved VM inventory results.
  • New Windows Volume Licensing scenario helps identify the licensing status of your desktop computers. 

Key features and benefits in more detail:

Newly designed user interface

The MAP Toolkit 8.5 Beta features a newly designed user interface which provides a more intuitive user experience. Scenarios have been organized into Scenario Groups to allow quick navigation and display at-a-glance summaries on individual scenario tiles. Details for each scenario can be found in the Scenario Detail Pages along with a checklist of steps needed to maximize your results and enable one-click report generation.

Lync 2013, SharePoint 2013, and Exchange 2013 Usage Tracking Support

Groundbreaking new releases of Lync, SharePoint, and Exchange have been brought to market this year. These products enable IT organizations and their end users greater efficiency, productivity and flexibility than ever before. With the release of the MAP Toolkit 8.5 Beta, the usage tracking scenarios within MAP have been updated to leverage new usage tracking capabilities provided within Lync, SharePoint, and Exchange resulting in less administrative effort and greater accuracy to collect and report on end user access to these servers.

Enhanced Virtual Machine discovery

Server virtualization has become the standard method for optimizing an organization's resource utilization, availability, and agility. The MAP Toolkit 8.5 Beta assists in the effort to virtualize with added discoverability of virtual machines for software asset location and reporting to facilitate license compliance for highly virtualized environments. Additionally, the MAP Toolkit now includes enhanced inventory reports which detail the virtual machines discovered, as well as the total number of virtual machines running on each host.

Windows Volume Licensing scenario helps to Identify license status of computers running Windows Vista SP1 and newer

Microsoft Volume Licensing gives you flexible, cost-effective access to the Microsoft products and services that your business is built upon. The MAP Toolkit 8.5 Beta provides the ability to detect and report on the volume license status of client computers in your enterprise so you can rest assured that you are in full compliance with your volume license agreement. 

The tool is available here: Microsoft Assessment and Planning Toolkit 8.5 Beta

[Active Directory] Hiding Data in Active Directory

Here is an interesting blog series from Guido Grillenmeier presenting different ways to hide data in Active Directory.

Here are the 4 parts :

Tuesday, May 14, 2013

[Active Directory] AD ACL Scanner Tool

Robin Granberg of the Platform PFEs in Sweden blog has released a great tool for creating reports of access control lists in Active Directory.





This tool has the following features:
  • View HTML reports of ACLs and save them to disk.
  • Export ACLs on Active Directory objects in CSV format.
  • Connect to and browse your default domain, schema, configuration or a naming context defined by distinguishedName.
  • Browse a naming context by clicking your way around, either by OUs or by all types of objects.
  • Report only explicitly assigned ACLs.
  • Report on OUs, on OUs and container objects, or on all object types.
  • Filter ACLs for a specific access type. Where do “Deny” permissions exist?
  • Filter ACLs for a specific identity. Where does "Domain\Client Admins" have explicit access?
  • Filter ACLs for permissions on a specific object type. Where are permissions set on computer objects?
  • Skip default permissions (defaultSecurityDescriptor) in the report. This makes it easier to find custom permissions.
  • Report the owner of an object.
  • Compare previous results with the current configuration and see the differences by color scheme (Green = matching permissions, Yellow = new permissions, Red = missing permissions).
  • Report when permissions were modified.
  • Can use AD replication metadata when comparing.
  • Can convert a previously created CSV file to an HTML report.


For more information: Take Control Over AD Permissions and the AD ACL Scanner Tool
The tool is available here: https://adaclscan.codeplex.com/
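
The snapshot comparison from the feature list above, as an added PowerShell example (not code from AD ACL Scanner or from the original post): it classifies each ACE as Matching, New or Missing, mirroring the green/yellow/red scheme, and can restrict the comparison to explicitly assigned ACEs. The contoso names, the column names and the functions Get-AceKey and Compare-AclSnapshot are constructed for this illustration.

```powershell
# Constructed sample data: two ACL snapshots of one OU. Column names are
# assumptions for this example, not the CSV layout AD ACL Scanner exports.
$header = 'Object,Identity,Access,Rights,Inherited'
$ou     = '"OU=Clients,DC=contoso,DC=com"'
$baseline = @(
    $header
    "$ou,CONTOSO\Client Admins,Allow,GenericAll,False"
    "$ou,CONTOSO\Helpdesk,Allow,WriteProperty,False"
    "$ou,NT AUTHORITY\Authenticated Users,Allow,GenericRead,True"
) | ConvertFrom-Csv
$current = @(
    $header
    "$ou,CONTOSO\Client Admins,Allow,GenericAll,False"
    "$ou,CONTOSO\Temp Contractors,Allow,WriteDacl,False"
    "$ou,Everyone,Deny,DeleteTree,False"
    "$ou,NT AUTHORITY\Authenticated Users,Allow,GenericRead,True"
) | ConvertFrom-Csv

function Get-AceKey($Ace) {
    # An ACE is identified by where it sits, whom it names and what it grants.
    '{0}|{1}|{2}|{3}' -f $Ace.Object, $Ace.Identity, $Ace.Access, $Ace.Rights
}

function Compare-AclSnapshot {
    param([object[]]$Baseline, [object[]]$Current, [switch]$ExplicitOnly)

    if ($ExplicitOnly) {
        # Drop inherited ACEs so that only direct assignments are compared.
        $Baseline = @($Baseline | Where-Object { $_.Inherited -eq 'False' })
        $Current  = @($Current  | Where-Object { $_.Inherited -eq 'False' })
    }
    $old = @{}    # PowerShell hashtable keys are case-insensitive, like AD names
    foreach ($ace in $Baseline) { $old[(Get-AceKey $ace)] = $ace }
    $seen = @{}
    foreach ($ace in $Current) {
        $key = Get-AceKey $ace
        $seen[$key] = $true
        $status = if ($old.ContainsKey($key)) { 'Matching' } else { 'New' }
        [pscustomobject]@{ Status = $status; Identity = $ace.Identity
                           Access = $ace.Access; Rights = $ace.Rights }
    }
    foreach ($key in $old.Keys) {
        if (-not $seen.ContainsKey($key)) {   # in the baseline, gone today
            $ace = $old[$key]
            [pscustomobject]@{ Status = 'Missing'; Identity = $ace.Identity
                               Access = $ace.Access; Rights = $ace.Rights }
        }
    }
}

Compare-AclSnapshot $baseline $current -ExplicitOnly | Sort-Object Status | Format-Table -AutoSize
```

Piping the result through `Where-Object { $_.Status -eq 'New' -and $_.Access -eq 'Deny' }` narrows the report to newly added Deny entries.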


Monday, May 13, 2013

[Active Directory] Deploying Office 365 Single Sign-On using Windows Azure

Microsoft has just published this new document.

This document is intended for system architects and IT professionals who want to understand the architecture and deployment options for extending the on-premises Active Directory infrastructure with Windows Azure Virtual Machines to implement directory synchronization and single sign-on for Office 365.

The document is available here: Deploying Office 365 Single Sign-On using Windows Azure


Saturday, May 11, 2013

[Security] System Hardening Part 1


I would like to start a new blog series on this subject, which I find very important and which isn't well documented. This blog series will only deal with Microsoft systems, but system hardening applies to all systems.


What is System Hardening?


System Hardening (or OS Hardening) is the process of addressing the weaknesses and security vulnerabilities in operating systems.
System Hardening is performed by applying the latest patches and updates and by following specific procedures and policies to reduce the attack surface of the system.


Why should you use System Hardening and what are the benefits?


If you ask an IT guy about the security level in his company, he'll mostly say that there are firewalls, IDS/IPS, anti-virus, update policies, proxies/reverse proxies, VPNs and a DMZ, and that they feel safe with that.

Most of the companies I have worked for don't know about system hardening. And when they have heard of it, they think it's too complex to implement or they feel safe enough not to use it.

But you have to consider the following questions:
  • What will happen if someone gets into your infrastructure?
  • What will happen if one of your employees turns rogue?
  • Are you sure all your systems are configured the same way and are well configured?

ALL systems have weaknesses and vulnerabilities. System hardening helps mitigate external and internal threats as well as misconfigurations.



System Hardening will help you to:
  • Increase the level of infrastructure security
  • Enhance the availability of infrastructure
  • Be compliant with best practices
  • Improve infrastructure performance
  • Avoid misconfigurations

So if you are concerned about security, you have to implement System Hardening.


What's next?


Later in this blog series I will present some tools that can help you implement System Hardening.


For today, I'll finish this post by presenting a tool that can help you measure the security level of your infrastructure: Microsoft Security Assessment Tool 4.0

Even though this tool isn't related to System Hardening, it's an interesting tool.

The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure. 

The tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance. These resources may assist you in keeping you aware of specific tools and methods that can help change the security posture of your IT environment.

This tool is available here: Microsoft Security Assessment Tool 4.0


First you have to define your company's profile (approximately 50 questions).


After that, you can carry out the security assessment.
It can be interesting to run several assessments with different people, such as the CTO, CISO or IT architect, to see each one's personal view of the company's security level.




After you have finished the assessment, you get a summary report of your security level.



A full detailed report is also available and can be exported.



You can also upload your assessment anonymously and compare your results with other companies.



That's it for this first part. In the next part we'll see which tools you can use to implement System Hardening.



Friday, May 10, 2013

[Security] 2 new security documents published by the NSA

In March, the National Security Agency published two new documents about security.

The first one is titled "Spotting the Adversary with Windows Event Log Monitoring".
This white paper provides an introduction to collecting important Windows workstation event logs and storing them in a central location for easier searching and monitoring of network health using the built-in tools already available in the Microsoft Windows operating system.

The first document is available here: Spotting the Adversary with Windows Event Log Monitoring


The second one is titled "Reducing the Effectiveness of Pass-the-Hash".
In December 2012, Microsoft released a white paper which discusses PtH in depth (available here: Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques), identifies numerous risk factors that make an organization highly vulnerable to PtH, and describes several mitigations. The purpose of this document is to expand on the ideas presented in Microsoft's white paper and to provide guidance.

The second document is available here: Reducing the Effectiveness of Pass-the-Hash


Wednesday, May 1, 2013

[Active Directory] Windows Server 2012: Planning for Active Directory Forest Recovery White Paper Updated

Microsoft has updated the Planning for Active Directory Forest Recovery white paper for Windows Server 2012.

This guide contains best-practice recommendations for recovering an Active Directory forest, if forest-wide failure has rendered all domain controllers in the forest incapable of functioning normally. The procedure steps in this guide, which you must customize for your particular environment, describe how to recover the entire Active Directory forest to a point in time before the critical malfunction. They also ensure that none of the restored domain controllers replicates from a domain controller with potentially dangerous data. The procedures apply to Active Directory Domain Services (AD DS) in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, and the Active Directory® directory service in Windows Server 2003.


The white paper is available here: Windows Server 2012: Planning for Active Directory Forest Recovery