Tuesday 11 December 2018

How to find the ADFS service name (ADFS 2.0 or 3.0)

This short article explains how to find the ADFS service name.

Open PowerShell with elevated rights on the ADFS server.

Run the command "Get-AdfsProperties".

In the result, check the host name; you will find something like "adfs.fabrikam.com".


In GUI mode, open the ADFS MMC console and click ADFS in the left pane.

In the right pane you will find an option called "Edit Federation Service Properties".

Click it to see the Federation Service name.



Wednesday 28 November 2018

Azure SQL Connectivity and Service Management Errors || Azure Storage Service Down - West US 2 - Applying Mitigation


As per the Azure Status site,


Starting at 04:20 UTC on 28 Nov 2018 a subset of customers in West US 2 may experience issues connecting to Storage resources hosted in this region. A subset of customers using resources dependent on Storage may also see impact. Engineers have identified a recent deployment as the potential root-cause and are in the process of applying a fix for this issue. The next update will be provided within 60 minutes, or as events warrant.

REGION AFFECTED:

WEST US 2 



Tuesday 27 November 2018

Azure MFA failing with Error Message "Sorry, we're having trouble with verifying your account. Please try again" Today 27th November 2018


###Update on 28th November 2018

The engineering team has fixed the issue and identified the preliminary cause.

According to the official Azure Status site, the reason was "a DNS issue triggered a large number of sign-in requests to fail, which resulted in backend infrastructure becoming unhealthy."


MS also said that they have fixed the issue and observed a decrease in the MFA failure count. We are still waiting for the RCA.




==========================================

27th November 2018

Azure MFA is failing again today, 27th November 2018, with the error message "Sorry, we're having trouble with verifying your account. Please try again"

(no SMS sent, no push notification to the app, TOTP code doesn't work)

The Azure site says all regions of America, APAC, and Europe are affected.


Outage details in Azure Site :
Starting at 14:25 UTC on 27 Nov 2018 a subset of customers using Multi-Factor Authentication may experience intermittent issues signing into Azure resources, such as Azure Active Directory, when Multi-Factor Authentication is required by policy. Impacted customers may encounter timeout errors. Engineers are aware of this issue and are actively investigating mitigation options. The next update will be provided in 60 minutes, or as events warrant.






The MS team is working on this.

The regions that are affected are:

Oregon
North Virginia
Dublin
Tokyo
Brazil
North Europe
South East Asia
West Europe
Sydney
Dallas TX
Hong Kong
South Central US
East US2
Singapore
North Central US
Frankfurt
North California
Chicago
East Japan
South India



We are following the MS internal sites. An incident with priority has been raised and the MS team is working on this.



Friday 9 November 2018

Cloud Computing for CCSK certification Cloud certification


                   
CCSK => Certificate of Cloud Security Knowledge

92 percent of the questions are based on the CSA Guide
8 percent are based on the ENISA Report

Cloud security fundamentals (How Cloud architecture impacts Security concerns)

Cloud Computing:
According to the National Institute of Standards and Technology, it is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, storage, applications and services) that can be rapidly provisioned and released with minimal management effort and service provider interaction.



This is composed of 5 essential characteristics, three service models and four deployment models

Five essential characteristics of Cloud Computing

On demand self-service:

Customers can add or reduce computing resources based on their requirements without any technical support.

Broad Network access:

It should be available to customers from any place over an internet connection, and it should also be manageable from any place without any 'VPN', remote connectivity or other restriction.

Resource pooling:

In cloud computing, resources are shared, and there are also options to restrict this. Resource allocation is dynamic: when we need more resources, they should be dynamically allocated from the pool. These can be allocated from any geographical location.

Rapid elasticity:

The cloud has the capability to allocate or de-allocate resources dynamically.

The criteria for scaling up and down can be defined by the customer. Dynamic allocation guarantees the performance of the application deployed in the cloud with optimum resources.






Measured service:

In the cloud, the customer is charged based on the usage of resources.
There is a mechanism to automatically measure resource usage.
Billing is pay-per-use, which benefits the customer.




Three service models in cloud computing:

Infrastructure as a service
Platform as a service
Software as a service













IaaS:

Here the customer gets only the hardware and has the freedom to choose the software they want.


PaaS:

Here the hardware and basic software are provided.
It provides consumers with a stable online environment where they can quickly create, test and deploy web applications using browser-based software development tools.
E.g.: Azure, Google Apps.



SaaS:

Provides complete business applications over the web.
E.g.: Gmail, Facebook, LinkedIn











Four Deployment Models in Cloud:

1. Private cloud
2. Community cloud
3. Public cloud
4. Hybrid cloud

Private cloud:

#A cloud infrastructure operated solely for a single organization
#It can be managed internally or by a third party
#It can be hosted internally or externally
#The organization takes responsibility for its data
#The organization can enable pooling and sharing of computing resources across different applications, departments or business units
#Requires significant up-front development costs, data centre costs, ongoing maintenance, hardware, software and internal expertise



Community cloud:

#Community clouds are used by distinct groups (or shared communities) of organizations that have shared concerns such as compliance or security considerations.
#The computing infrastructure may be provided by internal or third-party suppliers
#The communities benefit from public cloud capabilities, but they also know who their neighbours are, so they have fewer fears about security and data protection.

Public cloud:

#The computing resources are shared with the provider's other customers
#No awareness of their neighbours


HYBRID CLOUD:

#It is a composition of two or more clouds
#Using public clouds for general computing while customer data is kept within a private cloud, community cloud or a more traditional IT infrastructure.






Who has control in cloud?
The following chart tells who has control in cloud Computing.




Risks in Cloud as Stated by ENISA:
Loss of Governance
Lock-in
Isolation Failure
Compliance risks
Management interface compromise
Data Protection
Insecure or incomplete data deletion
Malicious insider


iSEC Realistic Cloud Threats:
Authentication Abuse
Operations Breakdown
Misuse of Cloud-specific Technology

General Security Advantages:
Shifting public data to an external cloud reduces the exposure of the internal sensitive data
Cloud homogeneity makes security auditing/testing simpler
Clouds enable automated security management
Redundancy/Disaster recovery

General Security Challenges:
Trusting the vendor's security model
Customer's inability to respond to audit findings
Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can't be examined
Loss of physical control


Data Storage Services:
Advantages are,
Data fragmentation and dispersal
Automated replication
Provision of data zones (eg. By country)
Encryption at rest and in transit
Automated data retention

Disadvantages or undesired features are,
Isolation management/ data multi-tenancy
Storage controller
Exposure of data to foreign governments





Thursday 8 November 2018

In the Synchronization Service Manager, any import or export operation with on-premises AD fails with no-start-credentials error. ==(or)== Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "abc.com" failed to run because the credentials were invalid'.

If you get any of the following error messages in AAD Connect try the following steps mentioned here.


Error Message:


In the Synchronization Service Manager, any import or export operation with on-premises AD fails with no-start-credentials error.

Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "abc.com" failed to run because the credentials were invalid'.






Steps to be followed:


Start the Synchronization Service Manager (START → Synchronization Service).

Go to the "Connectors" tab and right-click the connector's name.

Under Actions, select Properties.

In the pop-up dialog, select Connect to Active Directory Forest.

Enter the new password.

Click OK to save the new password and close the dialog.

Restart the Azure AD Connect Synchronization Service under Windows Service Control Manager. This ensures that any reference to the old password is removed from the memory cache.
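
The last step and the Event ID 6000 check can also be done from an elevated PowerShell prompt on the sync server. This is an added example, not part of the original post; it assumes the synchronization service is registered under the service name ADSync and matches events on the message text quoted above.

```powershell
# Added example: confirm the credential failure, restart the sync service,
# then check again after the next import/export run.

# Return Application-log events with ID 6000 that carry the invalid-credentials
# message. Other products also log ID 6000, hence the message filter.
function Get-CredentialFailure([datetime]$Since) {
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 6000; StartTime = $Since } `
        -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*credentials were invalid*' }
}

# 1. What failed in the last 24 hours?
Get-CredentialFailure (Get-Date).AddDays(-1) |
    Select-Object TimeCreated, ProviderName, Message | Format-List

# 2. Restart the service so the cached old password is dropped.
$restartedAt = Get-Date
Restart-Service -Name ADSync      # assumed service name
(Get-Service -Name ADSync).WaitForStatus('Running', [timespan]::FromMinutes(2))

# 3. Run this line again after the next import or export operation.
#    No output means no new credential failures since the restart.
Get-CredentialFailure $restartedAt
```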






Type in the comment if it was helpful or not.


Thanks for Reading :) 

//
Senko


Insufficient access rights to perform the operation error in Azure AD Connect



Are you getting "Insufficient access rights to perform the operation" in your Azure AD Connect synchronization logs?


Try the following.

1) Check that you are running the latest version of Azure AD Connect.


2) If you're syncing passwords, make sure that your sync service account has the Replicate Directory Changes and Replicate Directory Changes All permissions in your on-premises Active Directory.
Make sure that your sync service account has write permissions on your sourceAnchor attribute (which is most likely set to ms-ds-consistencyGuid). You can do that using either the user interface or PowerShell, which is easier:
# This is the account that Azure AD Connect Sync uses to manage objects in the directory.
$accountName = "DOMAINNAME\USERNAME"

# Distinguished name of the forest root domain.
$ForestDN = "DC=DOMAINNAME,DC=SOMETHING"
# Grant write-property (WP) on ms-ds-consistencyGuid, applied to descendant user objects (/I:S).
$cmd = "dsacls '$ForestDN' /I:S /G '`"$accountName`":WP;ms-ds-consistencyGuid;user'"
Invoke-Expression $cmd

3) Make sure that inheritance is turned on for the AD objects that get errors in the synchronization logs.

  • Open Active Directory Users and Computers.
  • Enable Advanced Features in the View settings.
  • Open the user object that can't sync.
  • Go to the Security tab and then into Advanced.
  • Make sure the box to inherit permissions is checked.
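
A read-only way to verify steps 2 and 3 before changing anything. This is an added example, not part of the original post. It assumes the RSAT ActiveDirectory module is installed, and `$accountName` and `$userDN` are placeholders to replace with the sync account and the object that fails to sync.

```powershell
# Added example: audit the permissions from steps 2 and 3 without modifying them.
Import-Module ActiveDirectory

# Assumed placeholder values, replace with your own.
$accountName = 'DOMAINNAME\USERNAME'     # Azure AD Connect sync service account
$userDN      = 'CN=Some User,OU=Staff,DC=DOMAINNAME,DC=SOMETHING'  # object that fails to sync

$rootDse  = Get-ADRootDSE
$domainDN = $rootDse.defaultNamingContext
$adRights = [System.DirectoryServices.ActiveDirectoryRights]

# Look the GUIDs up in the directory rather than hard-coding them.
function Get-ExtendedRightGuid([string]$Cn) {
    $right = Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter "(cn=$Cn)" -Properties rightsGuid
    [guid]$right.rightsGuid
}
$attr = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter '(lDAPDisplayName=ms-DS-ConsistencyGuid)' -Properties schemaIDGUID
$attrGuid = [guid]$attr.schemaIDGUID

# Allow ACEs that name the account directly (rights held via a group are not resolved here).
function Get-AllowAce([string]$Dn) {
    (Get-Acl -Path "AD:\$Dn").Access | Where-Object {
        $_.IdentityReference.Value -eq $accountName -and $_.AccessControlType -eq 'Allow'
    }
}

$results = @()

# Step 2: both replication extended rights on the domain root.
$domainAces = Get-AllowAce $domainDN
foreach ($cn in 'DS-Replication-Get-Changes', 'DS-Replication-Get-Changes-All') {
    $guid = Get-ExtendedRightGuid $cn
    $hit  = $domainAces | Where-Object {
        ($_.ActiveDirectoryRights -band $adRights::ExtendedRight) -and
        ($_.ObjectType -eq $guid -or $_.ObjectType -eq [guid]::Empty)
    }
    $results += [pscustomobject]@{ Check = $cn; Passed = [bool]$hit }
}

# Step 2: WriteProperty on ms-DS-ConsistencyGuid as seen on the failing user object.
$hit = Get-AllowAce $userDN | Where-Object {
    ($_.ActiveDirectoryRights -band $adRights::WriteProperty) -and
    ($_.ObjectType -eq $attrGuid -or $_.ObjectType -eq [guid]::Empty)
}
$results += [pscustomobject]@{ Check = 'WP ms-DS-ConsistencyGuid'; Passed = [bool]$hit }

# Step 3: inheritance is on when the object's ACL is not protected.
$protected = (Get-Acl -Path "AD:\$userDN").AreAccessRulesProtected
$results += [pscustomobject]@{ Check = 'Inheritance enabled'; Passed = -not $protected }

$results | Format-Table -AutoSize
```

When inheritance is disabled on the object, the write-property check usually fails as well, because the permission granted at the domain root never reaches that object.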







Let me know in the comments if this helps.

Thursday 11 October 2018

Updated version of Windows 10 October 2018 Update released to Windows Insiders

According to the Microsoft blog, these were the bugs that were found and fixed.


Using KFR the user redirected a known folder to a different drive. For example, suppose you ran out of space on your C drive. You want to save some files separate from your primary folder, so you add another drive to your system for these.  You create “D:\documents” and change the location of the files known folder from the original “old” location c:\users\username\documents to D:\documents.  In some cases, if the contents of c:\users\username\documents were not moved to D:\documents, then a user could also encounter this issue.   When the October 2018 Update was installed the original “old” folder was deleted including the files in that folder (in this example c:\users\username\documents would be deleted; d:\documents, the new location, would be preserved).

The user configured one or more of their Known Folders (Desktop, Documents, Pictures, Screenshots, Videos, Camera Roll, etc.) to be redirected (KFR) to another folder on OneDrive.  For example, the user changed the location property of the documents folder from c:\users\username\documents to another folder.   During this process the system prompts the user and asks if they would like to move the files to the new location.  If the files were not moved and the October 2018 Update is installed the original “old” folder was deleted including the files in that folder.


The user used an early version of the OneDrive client and used the OneDrive settings to turn on the Auto save feature.  This feature turned on KFR for the Documents and/or Pictures folders based on the user’s choice but did not move the existing files from the original “old” location to the new location.  For example, if a user turned on Auto Save for pictures the location of the Pictures folder would be changed from c:\users\username\pictures to c:\users\username\onedrive\pictures, but no files would be moved.  The current version of this feature moves the files. If the files were not moved and the October 2018 Update was installed the original “old” folder was deleted including the files in that folder (in this example c:\users\username\pictures would be deleted; c:\users\username\onedrive\pictures, the new location, would be preserved).


Support for Affected users,


Affected users, please refer to this article!!

https://support.microsoft.com/en-us/help/4464619/windows-10-update-history


https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers






Monday 8 October 2018

Installing the latest Windows 10 update is deleting user files, especially under \pictures, \documents etc. (temporary bug, will be fixed soon!)


Folks, make sure to back up the files from your user profile before you install the latest Windows 10 update.

It seems installing the latest Windows 10 update is deleting user files, especially under \pictures, \documents etc.



Other  Details :


1. Does the problem affect all four account types - Microsoft account, local account, on premises AD account, Azure AD account?
yes

2. Does the problem only affect files below c:\users\<username> or are files in other directories and / or on other drives also affected?
only user profile location

3. Is there a recommended / feasible way to recover deleted files?
3rd party file recovery tools

4. Will the OS upgrade offered through Windows Update, be corrected?
absolutely.


It is recommended to hold off on the 1809 upgrade!


Improving chances of data recovery

Here are a few things to keep in mind to improve the likelihood of recovering data.

1. Keep the device in its current state. If it's turned on, leave it on.

2. DO NOT shut down and restart the device. Services and applications that start on a reboot may write logs and other information and inadvertently overwrite what would have been recoverable data.

3. DO NOT roll back to an older version of Windows. This will cause more writes to the storage medium and may overwrite deleted files, reducing the likelihood of data recovery.

4. DO NOT continue to use the device once you've established that data has been lost. This means, do NOT install new applications or start already installed applications. Actions such as browsing the web will create temporary files that may overwrite potentially recoverable data.

5. DO NOT copy new files to the device.


Wait for the Microsoft Public documentation.







Thursday 4 October 2018

Rainy season precautionary measures

Since it is now the rainy season, please take precautionary measures.
Rain may cause power cuts, so:
Run the water motor and keep the water tank filled at all times.
Keep mobile phones fully charged while there is power.
Use the mobile phone only for emergencies.
Do not use it for things like listening to songs, watching videos or browsing Facebook.
Those who have an inverter should use it only for urgent needs.
Buy and keep in stock:
Biscuits
Milk
Emergency medicines
Water cans
Battery cells
Candles
Vegetables
Groceries
Keep umbrellas and raincoats ready.
Those who use tap water should boil it before use.
Those travelling by car or two-wheeler should drive very carefully.
Do not watch TV during thunder and lightning.
Do not stay near old walls.
Power lines may have snapped and be lying on the ground, so stay alert.
Stagnant rainwater can cause sudden potholes, so be careful.

Friday 31 August 2018

In my next birth
I must be born
as your husband;
may your love, at least then,
be mine!!!!!

How to Change the Azure Subscription from One Tenant to Other Tenant



Follow the steps below to change an Azure subscription from one Azure tenant to another.


Log into the tenant (tenant.onmicrosoft.com) with Service Admin or Account Admin rights.

In All services, go to Subscriptions => select the subscription => Overview => click the Change directory option.







Then you can choose the directory from the drop-down and click Change.

NOTE: To choose the directory, you must also be a member of the destination tenant.




Tuesday 26 June 2018

Create new Azure Active Directory or Azure Tenant

How to create an Azure AD or Azure tenant

First create an Outlook account.
Sign in with that account.
Go to this URL to name your tenant:

https://portal.azure.com/#create/Microsoft.AzureActiveDirectory





Use an existing Azure AD tenant

Many developers already have tenants through services or subscriptions that are tied to Azure AD tenants such as Office 365 or Azure subscriptions. To check if you already have a tenant, sign in to the Azure portal with the account you want to use to manage your application and check the upper right corner where your account information is shown. If you have a tenant, you'll automatically be logged into it and you'll see the tenant name directly under your account name. If you hover over your account name on the upper right-hand side of the Azure portal, you will see your name, email, directory and tenant ID (a GUID), and your domain. If your account is associated with multiple tenants, you can select your account name to open a menu where you can switch between tenants. Each tenant has its own tenant ID.


Create a new Azure AD tenant

If you don't already have an Azure AD tenant or want to create a new one, you can do so using the directory creation experience in the Azure portal. The process will take about a minute, and in the end you'll be prompted to navigate to your newly created tenant.


NOTE:
If you need to find the tenant ID, there are multiple ways to find this info. You can hover over your account name to get the tenant ID or you can select Azure Active Directory > Properties > Directory ID in the Azure portal.














Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant#create-a-new-azure-ad-tenant

After carrying away my whole life, why do you come only in my dreams and show me joy... once the dream dissolves, reality torments me... At least the dream...