March 12, 2025

Strong Certificate Mapping in Active Directory with Richard Hicks

Listen Later

39 minutes

Are you using strong certificate mapping in Active Directory? Richard Hicks returns to the show to talk about the impacts of KB5015754, issued way back in 2022, and how it turned into an enforcement event on February 11, 2025 that might have caused some serious problems for folks trying to authenticate to Active Directory. For most sites, the upgrade to strong certificates was pretty much automatic. But if you're using Intune SCEP, you needed to do some configuration - and if that was missed, there is trouble. There are workarounds for now, but come September 2025, enforcement will be mandatory and everything gets harder, so it's worth looking into it now!

Links

KB5015754: Certificate-based Authentication Changes on Windows Domain Controllers
Richard's Blog Post on Strong Certificate Mapping Enforcement
Active Directory Certificate Services
Create and Assign SCEP Certificate Profiles in Intune
Heartbleed

Recorded February 17, 2025

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

RunAs Radio

By Richard Campbell

4.6

8080 ratings

March 12, 2025

Strong Certificate Mapping in Active Directory with Richard Hicks

Listen Later

39 minutes

Are you using strong certificate mapping in Active Directory? Richard Hicks returns to the show to talk about the impacts of KB5015754, issued way back in 2022, and how it turned into an enforcement event on February 11, 2025 that might have caused some serious problems for folks trying to authenticate to Active Directory. For most sites, the upgrade to strong certificates was pretty much automatic. But if you're using Intune SCEP, you needed to do some configuration - and if that was missed, there is trouble. There are workarounds for now, but come September 2025, enforcement will be mandatory and everything gets harder, so it's worth looking into it now!

Links

KB5015754: Certificate-based Authentication Changes on Windows Domain Controllers
Richard's Blog Post on Strong Certificate Mapping Enforcement
Active Directory Certificate Services
Create and Assign SCEP Certificate Profiles in Intune
Heartbleed

Recorded February 17, 2025

...more

More shows like RunAs Radio

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,010 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

1,982 Listeners

Hanselminutes with Scott Hanselman by Scott Hanselman

Hanselminutes with Scott Hanselman

377 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

272 Listeners

.NET Rocks! by Carl Franklin and Richard Campbell

.NET Rocks!

37 Listeners

.NET Rocks! by Carl Franklin and Richard Campbell

.NET Rocks!

243 Listeners

MacBreak Weekly (Audio) by TWiT

MacBreak Weekly (Audio)

2,012 Listeners

Windows Weekly (Audio) by TWiT

Windows Weekly (Audio)

868 Listeners

Risky Business by Patrick Gray

Risky Business

364 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

639 Listeners

Intelligent Machines (Audio) by TWiT

Intelligent Machines (Audio)

733 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

284 Listeners

Tech News Weekly (Audio) by TWiT

Tech News Weekly (Audio)

1,073 Listeners

The Cloudcast by Massive Studios

The Cloudcast

154 Listeners

The Stack Overflow Podcast by The Stack Overflow Podcast

The Stack Overflow Podcast

63 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

91 Listeners