Azure AD Connect (ADSync) Event 6900

A little while back I was asked to help troubleshoot an issue with Azure AD Connect. Everything was working great before, but all of a sudden Azure AD Connect stopped syncing successfully. When looking at the event log on the server, I noticed an ADSync event 6900 that seemed to indicate an issue with MFA. It said “The ADSync service is not allowed to interact with the desktop to authenticate…” as shown below.

This event was accompanied by a few others, like Events 904, 906 and 659.

After logging into Azure AD, I found that a Conditional Access policy had been enabled to enforce MFA on all administrator accounts and this was tripping up the ADSync account. To solve the problem, simply add an exclusion to the policy. You can do this in two ways: either exclude the specific account or exclude the “Directory Synchronization Accounts” role. I chose the latter option.
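The check and the role-based exclusion described above can also be scripted. The following is an added example, not code from the original post; it assumes the Microsoft Graph PowerShell SDK is installed, an account allowed to edit Conditional Access policies, and that the affected policy grants access with the built-in MFA control rather than an authentication strength.

```powershell
# Added example (not from the original post).
# Part 1 - run on the Azure AD Connect server: list recent occurrences of the
# event IDs mentioned in the post from the Application log.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 6900, 904, 906, 659 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }

# Part 2 - run from an admin workstation: find enabled policies that require MFA
# and would catch the sync account, then exclude the role from each of them.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'RoleManagement.Read.Directory'

# Resolve the role by display name instead of hard-coding its template ID.
$syncRole = Get-MgDirectoryRoleTemplate |
    Where-Object DisplayName -eq 'Directory Synchronization Accounts'
if (-not $syncRole) { throw 'Directory Synchronization Accounts role template not found.' }

$affected = Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
    $users = $_.Conditions.Users
    $_.State -eq 'enabled' -and
    $_.GrantControls.BuiltInControls -contains 'mfa' -and
    ($users.IncludeRoles -contains $syncRole.Id -or $users.IncludeUsers -contains 'All') -and
    $users.ExcludeRoles -notcontains $syncRole.Id
}

# Review this list before changing anything.
$affected | Select-Object DisplayName, Id, State

foreach ($policy in $affected) {
    # Keep the exclusions that are already on the policy and append the sync role.
    $existing = @($policy.Conditions.Users.ExcludeRoles | Where-Object { $_ })
    $body = @{
        conditions = @{
            users = @{ excludeRoles = @($existing + $syncRole.Id) }
        }
    }
    # -Confirm prompts once per policy so each change is approved explicitly.
    Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id `
        -BodyParameter $body -Confirm
}
```

Excluding the role rather than a single account keeps the exclusion in place if the sync account is recreated, and it covers every account holding that role, so the role's membership is worth reviewing periodically.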

TCA Podcast Episode 61: Inner Warrior

In this episode we had the pleasure of talking to Kexin Ye and hearing her inspirational story of personal growth and how she went from selling “Fair trade coffee to fighting to tech”. We also talk about chaos engineering, technical debt and the importance of a sound cloud strategy.

If you’re interested in chaos engineering, here are some additional links you might want to check out:

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 60: 2022 - New Year, New Undies

We’re back for our first episode of 2022! We had so much fun catching up in-person in Cape Town last month to record this one. In this episode we’re joined by fellow MVP Alistair Pugin to talk through some of our predictions for 2022. Will 2022 be the year of spend? We talk about hybrid cloud, organizational maturity, in-person conferences and Exchange ‘bugs’.


TCA Podcast Episode 59: The Red Shirt Tour

I really miss in-person conferences and I’m sure I’m not the only one. We’ve always enjoyed being able to connect with new and old friends and peers, not to mention how incredibly enjoyable it is for us to record our episodes in person. In this episode we talk to Microsoft’s Laurent Bugnion about conferences and events - we cover everything from imposter syndrome, why in-person events may never be the same again and how they have worked tirelessly to scale and make virtual events more engaging for everyone.

Be sure to check out the following resources:


TCA Podcast Episode 58: Data Security and why you should "stop buying stuff.."

Data Security is top of mind for many organizations at the moment with so many of them transitioning to a permanent work from home or hybrid working model. There is however so much more to protecting your data than encrypting it or implementing a DLP tool. In this episode we have a great conversation with Ernie Anderson about Data Security - what it is, where to start, what to consider and why you shouldn’t just run out and buy a tool right away.


Do you have a people problem?

This post was originally published on the ENow Software Blog, you can view the original post here

Many organizations regard their people as their greatest asset. There is no disputing that the ability to hire great talent is a critical component to success, but in today’s pandemic-work-from-home world these great assets could also pose the greatest risk to your business. No amount of technology can account for human nature. You may already have invested in the best security solutions, but all it takes is a single click of a phishing email. I like to refer to this as a people problem – something that technology cannot solve entirely.

Organizational Change Management (OCM) practices have taken off in recent years and I have long been of the opinion that the most successful projects are those with heavy OCM involvement – I’ve experienced it for myself. For the longest time though, we’ve had the tendency to only involve or interact with the user community when we’re about to change something, oftentimes going to great lengths to avoid this interaction. Bad actors are constantly evolving and maturing their methodologies. Doesn’t it make sense for us to evolve our awareness and user education programs as well? I have previously written about this and thought I would go into a little more detail.

Security is everyone’s responsibility

Security is everyone’s responsibility – by this I don’t mean everyone in the organization should also become cybersecurity professionals; instead I mean everyone has a responsibility to be diligent in their daily duties and informed about active and emerging threats. I know many organizations already have user education programs in place that typically involve some outdated computer-based learning modules that are a required part of employee onboarding. Sometimes these need to be completed once a year. My opinion of these is that in many instances they do nothing more than “tick a compliance box” and are at best a 1999 solution to a 2021 problem. Similarly, some organizations run internal phishing campaigns to test their user community – these are great except when the results of these campaigns are published as top 10 name and shame lists or, worse still, used for disciplinary action instead of being used to educate and empower. It is our responsibility as technologists to help keep our user communities informed and arm them with the knowledge they need to make the right decisions.

Some simple things go a long way

I believe the best approach here is a program that is iterative in nature and uses a combination of process and technology. Engagement and buy-in from the user community are key – fear mongering will not achieve the desired results. It could start with something as simple as a regular company-sponsored lunch and learn – yes, there is some investment required, but if you consider that in 2020 the average cost of a data breach was $3.86 million it will be worthwhile.

Developing a security awareness program isn’t something you can do overnight, and it certainly isn’t something that you can ‘set and forget’. Here are some additional tips that might be useful when planning your program or to help improve the program you already have in place today:

  1. A successful awareness program is not owned solely by Infosec or IT, it involves multiple areas of the organization. Create a steering committee to lead the program, include folks from HR and other relevant parts of the business. Marketing involvement can be particularly fruitful as they can help ‘market’ the program to your user community.
  2. Continuously evolving and up-to-date messaging is very important; it should cover present-day threats rather than being filled with outdated information. My previous post on phishing during covid has some good examples of how bad actors have used world events to craft their attacks.
  3. While certain threat vectors are more prevalent than others, it is important that your awareness program takes a more holistic approach and covers all aspects of security. It should, of course, focus on threats relevant to your business or organization.
  4. Start small. There is no need to invest in expensive tooling in order to have a successful awareness program. Cultural change within the organization is very important and you can’t buy that.
  5. Educate and empower, don’t name and shame.

Lastly, there are some great tools you can use to help make your life easier. The Report Message and Report Phishing add-ins for Outlook and Outlook on the web are a great way to empower users to easily report false positives or false negatives to Microsoft for analysis. It is important however to educate users on the process, the difference between a false positive and a false negative and how their reports are used.

If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, you can use Attack simulation training in the Microsoft Security Center. These simulated attacks are a great teaching aid when used correctly.

TCA Podcast Episode 57: Technologies don't fix problems

Ever wondered what a SIEM is? How about SOAR? In this episode we have a fantastic conversation with ML who helps us understand what these are, how they are different and even how they can work together. We also cover a few other security-related topics and ML shares some great insights and recommendations.


TCA Podcast Episode 56: Is Exchange leaking your creds?

If you follow the Microsoft productivity space, you have no doubt seen or heard about the Autodiscovering the Great Leak research paper recently published by Amit Serper, a security researcher at Guardicore. The paper details more than five months’ research into the Autodiscover service used by Microsoft Exchange. Amit’s research was picked up and in many instances misreported by the tech press, which in turn caused a certain degree of panic. We’re deeply passionate about Exchange and have been for a very long time, so we thought it would be a good idea to sit down with Amit to talk through his research and better understand his findings.

During the episode, Amit talks about the following resources:


TCA Podcast Episode 55: Microsoft Security and EDR

We’ve often joked on the show that Microsoft is the world’s largest security vendor and when you consider their massive investment in security-related R&D and innovation it really isn’t far from the truth. We had a great time sitting down with Microsoft’s Stephen Revel recently to talk about the security features and functionality available to customers in Microsoft 365 and hopefully debunk the myth that you can’t be secure without having an M365 E5 license or additional investments in third-party solutions.


TCA Podcast Episode 54: Wine and whine

We’ve all heard the statement “Fast, Cheap or Good? Pick two” and it seems this continues to ring true. Does the current rate of innovation and change in technology come at the expense of quality? We recently had the pleasure of sitting down with our friends Martina Grom and Tony Redmond to discuss this and hear about what has been keeping them busy lately.
