In hybrid Exchange environments, organizations have long been forced to keep an on-premises Exchange Server running just to manage Exchange-related settings for mailboxes already hosted in Exchange Online. Microsoft has been addressing this with the Cloud-Managed Remote Mailboxes feature, and its latest addition — writeback — entered public preview on May 15, 2026. Writeback automatically pushes Exchange attribute changes made in Exchange Online back to your on-premises Active Directory, so internal line-of-business applications that read from AD stay in sync. This article explains what writeback does, what you need to configure it, and how it supports decommissioning your last on-premises Exchange Server.

Source

Microsoft Identity Manager (MIM) 2016 Service Pack 3 (SP3) became generally available on May 14, 2026, after an initial release in late March 2026 that Microsoft quietly withdrew without public explanation. SP3 is primarily a platform compatibility update: it adds support for SQL Server 2022, SharePoint Subscription Edition (SE), and Exchange Server SE. The most technically significant additions are Azure SQL Database support for the Synchronization Service using managed identities and claims-based authentication via Active Directory Federation Services (AD FS) for the MIM Portal. MIM 2016 remains supported until January 9, 2029.

Source

Ce tutoriel explique comment déployer des emplacements réseau sur Windows à l'aide d'une stratégie de groupe AD (via les paramètres de Préférences).

Le post Windows : comment ajouter des emplacements réseau par GPO ? a été publié sur IT-Connect.

Microsoft introduced new SCIM 2.0 APIs for Microsoft Entra. The APIs now support bidirectional provisioning, which allows external identity systems to provision users and groups directly into Entra. SCIM (System for Cross-domain Identity Management) is an open internet standard that defines a common HTTP-based protocol for managing user accounts across different systems. Previously, Entra could only push user data to other applications via SCIM. Now, it also accepts incoming SCIM requests. The APIs follow a consumption-based pricing model, require an Azure subscription, and are generally available in the Microsoft public cloud.

Source

Un ticket de réinitialisation de mot de passe a un coût pour l'entreprise et une interruption de travail pour l'utilisateur. Voici comment résoudre ce problème.

Le post Active Directory : comment éliminer les tickets de réinitialisation de mot de passe ? a été publié sur IT-Connect.

Microsoft's Conditional Access Optimization Agent uses AI to continuously scan your Microsoft Entra ID environment for policy gaps and recommend remediations. It requires a Microsoft Entra ID P1 license and a Microsoft Security Copilot subscription. Several new features are in public preview, including context-aware recommendations, deep gap analysis across all policies, and phased policy rollouts. This article explains what Conditional Access policies are, how the agent works, what you need to run it, and where its limitations lie.

Source

Microsoft's March 2026 Entra update promotes passkey authentication to general availability, introduces a built-in tenant backup feature in public preview, and announces a breaking security change for hybrid environments, taking effect June 1, 2026. Additional changes enforce TLS 1.2 for Entra Connect Health agents and bring several multi-tenant governance capabilities into preview. This article covers changes relevant to administrators managing Microsoft 365 tenants and hybrid Active Directory environments.

Source

Ce tutoriel vous explique comment identifier tous les utilisateurs de votre Active Directory dont un attribut spécifique est vide, à l'aide de PowerShell.

Le post Astuce : rechercher les utilisateurs Active Directory dont un attribut est vide a été publié sur IT-Connect.

OpenRSAT est une alternative aux outils d'administration à distance de Microsoft (RSAT), compatible Windows, Linux et Mac, pour administrer l'AD, le DNS, etc.

Le post OpenRSAT : l’alternative multi-OS et open source pour administrer votre Active Directory a été publié sur IT-Connect.

Starting in April 2026, Windows updates will change the default Kerberos ticket issuance behavior to AES-SHA1 for accounts without explicit encryption settings, while RC4 can still be used where explicitly enabled. This change, driven by CVE-2026-20833, affects every Windows Server environment where service accounts or devices still rely on RC4. Any service account, NAS device, or legacy application not explicitly configured for AES-SHA1 encryption may lose authentication capability. This article explains what Kerberos and RC4 are, what will break in April 2026, and what you must do to prevent outages.

Source

Microsoft has introduced external Multi-Factor Authentication (MFA) as the new, fully integrated OpenID Connect (OIDC)-based way to connect third-party MFA providers, replacing the Custom Controls mechanism that previously enabled external MFA in a more limited way. Custom Controls will be deprecated on September 30, 2026.

Source

Starting with the February 2026 preview updates for Windows 11 24H2 and 25H2, Microsoft has made Group Policy Preferences (GPP) debug logging configurable directly in Local Group Policy via gpedit.msc. Previously, these settings were primarily managed through domain-based Group Policy Objects (GPOs); enabling them via Local Group Policy typically required manually copying the GroupPolicyPreferences .admx/.adml templates into the local PolicyDefinitions store. You can now enable per-CSE (client-side extension) event logging and file-based tracing on individual client devices without a domain controller.

Source