I learned AD about 8 years ago. I work at a place that uses Entra/Azure AD now. Thank you for this. Security is always top of mind for our crew here. I shared this to our entire team.

I have been working with Active Directory for 20 years. I think it has been evolving nicely with every new release of Windows Server (WS). From WS 2003 significant improvements in Group Policy management over user and computer configurations within the network and also forest trust. Then WS 2008 introduced role-based authentication, providing administrators with more granular control over the assignments of rights and permissions and fine-grained password policies. Then WS 2012 with Dynamic Access Control, Recycle bin and Virtualization support. Then WS 2016 Privileged Access Management and Shielded Virtual machines. To WS 2019 Authentication Policy Silos, Enhanced Time Accuracy and Integration with Azure Active Directory. Havent played around with WS 2022 yet though.

Reach out if you want to have a deeper discussion more than happy to dive in a bit with you around some of these concepts and better security options and processes!

This is a great video and I really enjoyed learning about Specops. Your point that 90% of businesses still run AD is spot on. My team is seeing a ton of AD security and hardening projects. Despite Microsoft's marketing, companies will remain hybrid longer than anyone expects. AD is the equivalent of the mainframe in the 90s. I wonder if we will have to recruit AD admins from retirement homes in 10 years 😀. Keep up the great work!

Great video as always! Since MS is appearing to move away from passwords (see Microsoft Account, or Microsoft 365, for example), I think MS should take a serious look to revamp the password policy and, most importantly, try to get rid of passwords in AD.

I mean, yeah, fair point. We should enforce users to harden their passwords and stuff. And so they commit unrememberable passwords, with expiring policies enough for them to write down on a post-it or something, comprimising the password anyway.

Very informative video Andy but I wonder how this SpecOps tools interacts with SSPR in Entra ID. Does it has similar "tips screen" as in Windows client or some other way to inform a user why the password is not accepted?

💻⌨📲🔍Thank you Andy, Excellent video presentation

Andy I have been getting the run around from Microsoft Canada trying to get a client verification for ms edu. Any recommendations

Use the AD administrative console and create a whole domain password policy there

Ahh thats a topic Im realy intressted in because Im in a ICT school currently learning how to do active directory. What are other options on a windows server to handle all the users, groups, rules?

You forgot to mention this video includes paid promotion!