Microsoft Entra ID introduces synced passkeys to simplify multi-factor authentication and reduce the security risks associated with traditional methods such as passwords and SMS codes. This feature, announced at Microsoft Ignite 2025, enables users to authenticate with biometrics or device PINs without entering passwords when syncing credentials across devices via cloud-based passkey providers. The implementation also includes high-assurance account recovery using government-issued ID verification to restore access when users lose all authentication methods.

Source

Microsoft is enforcing stricter Content Security Policy (CSP) for Entra ID authentication, blocking unauthorized scripts from executing during sign-in. Organizations using browser extensions or third-party tools that inject scripts into login.microsoftonline.com must identify and replace these tools before enforcement, as they will stop functioning while users can still sign in successfully.

Source

IS Decisions’ UserLock is an identity-and-access-management (IAM) tool that adds multi-factor authentication (MFA), contextual access controls, session management, and login auditing to on-premises (or hybrid) Microsoft Active Directory environments to secure and manage all user access. UserLock 13.0 introduces a redesigned interface and strengthened security features for Active Directory environments. The release focuses on simplified navigation, certificate-based authentication, and improved remote access management while maintaining the solution's core identity and access management capabilities.

Source

Ce guide technique explique comment configurer une stratégie d'audit avancée pour l'Active Directory, avec une GPO, en suivant les recommandations de Microsoft.

Le post Active Directory : le guide complet pour configurer une stratégie d’audit avancée a été publié sur IT-Connect.

Recent Microsoft Entra and Windows updates introduce multiple changes across authentication, identity management, and access control. The updates include an option to replace the legacy EdgeHTML WebView with the Chromium-based WebView2 for Entra ID authentication flows, improved identity constructs for AI agents, public preview support for synced passkeys, and expanded self-service account recovery. Additional changes cover jailbreak detection in Microsoft Authenticator, enforcement of a stricter Content Security Policy for browser-based sign-ins, updates to session revocation behavior, and new capabilities in Entra ID Governance, External ID, and Global Secure Access.

Source

Microsoft Entra External ID now supports SMS-based verification for self-service password reset (SSPR), providing external users an additional recovery method beyond email one-time passcodes. The feature entered public preview in September 2025 and includes built-in fraud protection through integration with Microsoft's Phone Reputation platform.

Source

Comparatif complet entre les solutions Specops Software et les outils Microsoft pour la gestion des identités et la sécurité des mots de passe Active Directory.

Le post Active Directory – Sécurité des identités et des mots de passe : comparatif Specops Software vs Microsoft a été publié sur IT-Connect.

Ce guide explique comment fonctionne la synchronisation NTP avec Active Directory et comment bien configurer le client NTP sur un contrôleur de domaine AD.

Le post Active Directory : comment et pourquoi configurer la synchronisation NTP ? a été publié sur IT-Connect.

Microsoft will retire the legacy Windows Internet Name Service after Windows Server 2025, strongly encouraging organizations to transition to DNS by November 2034.

Source

Cet article met en avant des recommandations et des outils que vous pouvez utiliser pour améliorer la sécurité des comptes AD afin d'être conforme au NIS2.

The post Mots de passe, MFA et comptes Active Directory : durcir son environnement pour NIS2 first appeared on IT-Connect.

Windows 11 version 25H2 introduces 42 new Group Policy settings for administrators to manage system behavior, security features, and user interface customization. The update includes options for controlling AI features like Copilot and Recall, removing preinstalled Store apps, and configuring enhanced security protocols for printing and network communications.

Source

Microsoft a corrigé une faille de sécurité dans le mécanisme de délégation Kerberos (CVE-2025-60704) utilisé avec l'Active Directory. Quels sont les risques ?

The post Active Directory : Kerberos impacté par la CVE-2025-60704, quels sont les risques ? first appeared on IT-Connect.

Active Directory domain controllers running Windows Server 2025 with the schema master FSMO role may create duplicate schema attribute values when performing Exchange Server schema extensions, causing replication failures across the entire forest. This issue triggers this error message: Error 8418: The replication operation failed because of a schema mismatch between the servers involved. The issue affects environments attempting to deploy Exchange Server cumulative updates or Exchange Server Subscription Edition. Microsoft has acknowledged this as a known issue in KB5065426.

Source

Microsoft Defender for Identity and Microsoft Secure Score work together to strengthen identity security across on-premises Active Directory and cloud-based Microsoft Entra ID environments by detecting threats and providing actionable recommendations. This article explains how both tools interact, their technical requirements, and what the new recommendations announced in September 2025 mean for organizations.

Source

Microsoft has released significant updates to Administrative Templates (ADMX/ADML files) throughout 2025, introducing new Group Policy options for Windows 11 and Microsoft Office applications. These templates enable IT administrators to manage registry-based policy settings through Group Policy and Microsoft Intune.

Source