Are My RDP Connections Really Secured by a Certificate?

Hello everyone! Tim Beasley – Platforms PFE coming at you live from the funky fresh jam known as LAS VEGAS! That’s right people! I’m having a blast by the pool at the MGM Grand and loving life!! …writing a blog post for Microsoft. At Vegas. In the sun poolside…writing…a…technical blog post…what’s wrong with me?! Okay… Read more

Rescued by Procmon: The Case of the Certificate Authority Unable to Issue Certificates due to Revocation Failures

Hello Everyone, my name is Zoheb Shaikh and I’m a Premier Field Engineer with Microsoft India. I am back again with another blog and today I’ll share with you something interesting that I came across recently which caused the Certificate Authority to go down, and how I was able to isolate the issue by using… Read more

Infrastructure + Security: Noteworthy News (March, 2018)

Hi there! Stanislav Belov is back to bring you the next issue of the Infrastructure + Security: Noteworthy News series!   As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis. Enjoy!  Microsoft Azure Just-in-Time VM Access… Read more

PKI Basics: How to Manage the Certificate Store

Hello all! Nathan Penn and Jason McClure here to cover some PKI basics, techniques to effectively manage certificate stores, and also provide a script we developed to deal with common certificate store issue we have encountered in several enterprise environments (certificate truncation due to too many installed certificate authorities). PKI Basics To get started we… Read more

Remote Desktop Connection (RDP) – Certificate Warnings

Hello everyone! Tim Beasley, Platforms PFE here again from the gorgeous state of Missouri. Here in the fall, in the Ozark Mountains area the colors of the trees are just amazing! But hey, I’m sure wherever you are it’s nice there too. Quick shout out to my buds SR PFE Don Geddes (RDGURU), and PFE… Read more

SHA-1 Deprecation and Changing the Root CA’s Hash Algorithm

Hi, Rick Sasser here, with what was intended to be a quick blurb on security that back references one of my original posts on Choosing a Hash and Encryption Algorithm for a new PKI? and somehow turned out to be the labor equivalent of about a week, counting everyone who chipped in on it, and… Read more

Microsoft PKI OCSP Responder Now JITC Certified and Lab Setup Guide

Hello all, my name is Jesse Esquivel and I’m a platforms PFE with one of my specialty’s being security/PKI. I’ve been working with PKI in the Department of Defense (DoD) and Federal spaces for the last 7 years, designing, installing, upgrading, and troubleshooting both DoD and Microsoft PKI certificate services as well as certificate validation… Read more

How to Determine if Smart Card Authentication Provider Was Used

Hey folks, Keith Brewer here to discuss how to determine how a user has authenticated. Recently I was onsite with a Microsoft Premier Customer and they asked if there was a way for them to determine if a user had used username and password or their issued smart card for logon. Problem: IT Organization has… Read more

Server 2012 PKI Key Based Renewal Explained

Hello everybody, Randy here. I am new to the PFE role, but have a number of BLOG Posts under my belt from my time as a CTS engineer for the Directory Services team. One of my first tasks as a PFE was to clarify some features available in Server 2012 AD Certificate Services. This BLOG… Read more

Choosing a Hash and Encryption Algorithm for a new PKI?

I frequently get asked to consult on building out new Public Key Infrastructures here in Premier Field Engineering. One of the things that I get asked commonly is “How do I choose a key length and Hash Algorithm?”. That’s a complex question, that generally is difficult to answer, but I thought I might collect “Some… Read more