Microsoft's March 2026 Entra update promotes passkey authentication to general availability, introduces a built-in tenant backup feature in public preview, and announces a breaking security change for hybrid environments, taking effect June 1, 2026. Additional changes enforce TLS 1.2 for Entra Connect Health agents and bring several multi-tenant governance capabilities into preview. This article covers changes relevant to administrators managing Microsoft 365 tenants and hybrid Active Directory environments.

Source

Ce tutoriel vous explique comment identifier tous les utilisateurs de votre Active Directory dont un attribut spécifique est vide, à l'aide de PowerShell.

Le post Astuce : rechercher les utilisateurs Active Directory dont un attribut est vide a été publié sur IT-Connect.

OpenRSAT est une alternative aux outils d'administration à distance de Microsoft (RSAT), compatible Windows, Linux et Mac, pour administrer l'AD, le DNS, etc.

Le post OpenRSAT : l’alternative multi-OS et open source pour administrer votre Active Directory a été publié sur IT-Connect.

La réutilisation des mots de passe représente une menace sérieuse pour les environnements Active Directory : découvrez pourquoi et comment s'en protéger.

Le post Active Directory : les dangers avec les mots de passe compromis a été publié sur IT-Connect.

Starting in April 2026, Windows updates will change the default Kerberos ticket issuance behavior to AES-SHA1 for accounts without explicit encryption settings, while RC4 can still be used where explicitly enabled. This change, driven by CVE-2026-20833, affects every Windows Server environment where service accounts or devices still rely on RC4. Any service account, NAS device, or legacy application not explicitly configured for AES-SHA1 encryption may lose authentication capability. This article explains what Kerberos and RC4 are, what will break in April 2026, and what you must do to prevent outages.

Source

Microsoft has introduced external Multi-Factor Authentication (MFA) as the new, fully integrated OpenID Connect (OIDC)-based way to connect third-party MFA providers, replacing the Custom Controls mechanism that previously enabled external MFA in a more limited way. Custom Controls will be deprecated on September 30, 2026.

Source

Découvrez pourquoi et comment renforcer la sécurité des comptes de votre Active Directory en réponse à l'émergence d'attaquants assistés par IA.

Le post Active Directory : pourquoi l’IA accélère les attaques sur les mots de passe en 2026 ? a été publié sur IT-Connect.

Microsoft Entra Connect Sync et Entra Cloud Sync sont deux outils de synchronisation des identités entre l'Active Directory et Entra ID, mais lequel choisir ?

Le post Microsoft Entra Connect vs Cloud Sync : quel moteur de synchronisation choisir ? a été publié sur IT-Connect.

Starting with the February 2026 preview updates for Windows 11 24H2 and 25H2, Microsoft has made Group Policy Preferences (GPP) debug logging configurable directly in Local Group Policy via gpedit.msc. Previously, these settings were primarily managed through domain-based Group Policy Objects (GPOs); enabling them via Local Group Policy typically required manually copying the GroupPolicyPreferences .admx/.adml templates into the local PolicyDefinitions store. You can now enable per-CSE (client-side extension) event logging and file-based tracing on individual client devices without a domain controller.

Source

Microsoft Entra Connect will enforce new security hardening measures starting March 2026 to prevent SyncJacking, a sophisticated attack technique that exploits synchronization mechanisms to hijack privileged accounts in hybrid identity environments.

Source

Microsoft released version 1.2.0 of the Microsoft Entra PowerShell module, introducing production-ready support for Agent Identity Blueprints, enhanced application configuration parameters, and modernized invitation APIs. This update consolidates Agent Identity functionality into the main module and delivers new cmdlets for automated identity management across Microsoft Entra ID environments.

Source

Microsoft has initiated a critical security hardening phase for Windows Active Directory domain controllers to address CVE-2026-20833, a Kerberos vulnerability that enables Kerberoasting attacks by allowing attackers to exploit weak RC4 encryption. The January 2026 security updates mark the beginning of a phased transition that will disable RC4 encryption by default and enforce AES-SHA1 as the standard encryption method for Kerberos authentication.

Source

Microsoft Entra ID introduces synced passkeys to simplify multi-factor authentication and reduce the security risks associated with traditional methods such as passwords and SMS codes. This feature, announced at Microsoft Ignite 2025, enables users to authenticate with biometrics or device PINs without entering passwords when syncing credentials across devices via cloud-based passkey providers. The implementation also includes high-assurance account recovery using government-issued ID verification to restore access when users lose all authentication methods.

Source