Understand your attack profile with the Attack Surface Analyzer tool

Wow, I have been looking for a tool that does this for a very long time. ūüėȬ†It analyses the attack surface of your system. Just imagine that you have just installed a piece of software and suddenly you are now more vulnerable. Would you know? ūüė¶ Normally not. Now you can find out from Attack Surface Analyzer by the Microsoft team in the Trust Worthy Computing group. Download it from https://www.microsoft.com/en-us/download/details.aspx?id=24487


Azure Active Directory Connect – GA – Upgrade road test

Last week Alex Simons made the announcement that AADConnect went GA.

Today we are simply going to perform an upgrade on our existing installation of Azure Active Directory Connect beta to GA. A large amount of beta testers including myself have made suggestions and had questions along the way which has resulted in the final product. You can always submit your Microsoft Azure feedback and suggestions here.

To view my original beta install click here.

Today I started by going to a different URL to download the GA version, here. First thing you will notice is that the file size is slightly larger. The file names were the same (until I changed them for clarity).


I ran the installer, (no right click or any elevated premisisons reguired). You will note that I was shown that an upgrade will occur.


I am informed that my syncing will pause during the upgrade.


I enter my Azure credentials


The checkbox was already selected, I select Upgrade.


The installation was successful and I am given I new completion message. To Sync Windows 10 Domain Joined computers to Azure AD as registered devices, please run

ADSyncPrep:Initialize-ADSyncDomainJoinedComputerSync for Technet.com


The message could be a little clearer, but what it means is load the ADSyncPrep PowerShell module, and run the following command. To save you looking and typing here are the commands that you require to complete this task:

PS C:\Users\aaron.whittaker\Desktop> import-module "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"
PS C:\Users\aaron.whittaker\Desktop> Initialize-ADSyncDomainJoinedComputerSync
cmdlet Initialize-ADSyncDomainJoinedComputerSync at command pipeline position 1
Supply values for the following parameters:
AdConnectorAccount: Aaron.Whittaker@xxxxxxxxxxxxx.onmicrosoft.com
Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD.
Configuration Complete
PS C:\Users\aaron.whittaker\Desktop>



How do you like the AADConnect tool? Leave your comments below and as always feel free to send me a tweet regarding this post or topic.

Till next time thanks.

profile pic

Aaron @aaronw2003

Fixing the Windows 10 login screen – avoid username entry each time.

If you are using Windows 10 beta, the default option for unlocking your machine is to enter your username and password each time. If you wish to have your username automatically entered (same as Windows 8.1) each time you unlock your machine follow these instructions.

Open regedit and¬†navigate to HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\ Authentication\LogonUI\TestHooks. Double-click “Threshold” and change the value to “1” to “0”.

Source: Here

profile pic

Aaron @aaronw2003

How to Add a custom application with Single Sign-On to your Azure Active Directory accounts

In the previous post we quickly looked at how to add a custom app (FaceBook) Single Sign-On to your Azure Active Directory accounts.

Firstly go to your Azure portal and log in as an administrator, go to Active Directory, Default Directory, Select the Applications tab at the top, then select add at the bottom of the page. Select Add an application from the gallery.


Then go to Custom type in your application name Facebook.


Select Configure single sign-on


I selected Password Single Sign-On as I don’t have an ADFS environment at the moment.


Enter the application URL.


I entered account and password labels that I found from the Facebook source code (there is another way to do this see below).


Now we need to assign some users.


I selected the user, and entered existing FaceBook user credentials.


Now if you browse to https://myapps.microsoft.com click on customfacebook and your test does not work, try the following.

Select the app and then select Configure single sign-on. Check the box to recapture sign-in fields.


Now select the button Click to sign in.


I performed this plugin install test on Chrome and IE11 successfully.


After the plugin was installed (browser restart might be required) I selected the username, password fields and login. The plugin highlights these fields with the red boxes.


Using Azure Apps SSO: Browse to https://myapps.microsoft.com tab, note the refresh message.


After the refresh both apps show up. Clicking on either button opens a new tab and automatically logs me into FaceBook.com


To see part 1 of this post click here. Now we have added a custom app.  Instead of Facebook we could have used any other valid URL with a login. The list of predefined apps is always expanding.

profile pic

Aaron aaronw2003