Translate

Tuesday, May 4, 2021

MS deprecates TLS 1.0 and TLS 1.1 in AzureAD

Microsoft announced they will deprecate TLS 1.0 and TLS 1.1 as authentication mechanism in AzureAD. This was already done with Office 365 with less impact. This time the impact will be much bigger!

Reason for this is security as there are serious vulnerabilities out there like Heartblead, POODLE, BEAST and others. Also other major vendors will deprecate the usage of TLS 1.0 and TLS 1.1 as also specified in RFC8996!

The MS cloud application catalog is reporting already more than 2.700 apps from the 17.000 apps not supporting TLS 1.0 or TLS 1.1.  If Azure AD is used for authentication for one of the affected apps they may fail after June 30th 2021!

Also old on-premises stuff will fail when used in combination with Azure Active Directory e.g. but not limited to: 

  • Use of outdated operating systems (Windows 7 / Window 8 without "extension", Servers older as Windows Server 2012 R2
  • Use of outdated browsers (used for app compat reasons)
  • New AzureAD device registration on older OSes
  • Older Versions of Azure AD connect, PTA agents oder AppProxy connectors
  • MFA extensions on ADFS servers with older OSes
  • NPS extensions for Azure MFA on older OSes
  • Azure AD integrated applications and PowerShell scripts based on older .Net Framework version not configure for use of TLS 1.2
  • Software as a Service (SaaS) applications or other Line of Business applications hosted on platforms without TLS 1.2 support
  • Webproxy with SSL inspection which are not supporting TLS 1.2
This list may not be complete but should show the full impact on this!

How you can solve this issue in certain scenarios you find here more information's:



You can do some testing on this also on: https://www.ssllabs.com/ssltest/
(Please keep in mind that more than one URL might be involved in an authentication process!)


If you have Microsoft's Cloud App Security you find with this advanced filter all the affected software!



And last but not least you can find for all authentications on your tenant a report showing outdated authentications. How reliable this report is, judge on your self in your environment. We found still some strange reports.

TLS deprecation report (every 2 days you see a new one. You only see the last 3 reports!)
https://servicetrust.microsoft.com/AdminPage/TlsDeprecationReport/Download

Wednesday, January 20, 2021

PSexec failing with no process on the other end of the pipe

Recently we had a new strange issue with current Windows versions and PSExec.



If you execute something like PSExec -s -i cmd.exe 

which is creating a CMD under local system context you may receive an error like this

Error communicating with PsExec service on [MACHINE_NAME]:
No process is on the other end of the pipe.

Solution: Simply update PsExec to the latest version!
Minimum here is 2.32!

Monday, January 11, 2021

Surface device - driver and firmware support lifecycle

Recently a friend ask me for an updated driver for an issue with an older device in the surface family. So I thougth it would be a good idea first to check if the device is still supported. As we have the row of devices now for a couple years.



The good news were the devices up to Surface 3 are still under "firmware and driver" support. So in this case I could open a case for this driver issue and still believe it may be served. Actually its not a guarantee that PG agrees with my issue and will fix it. But there is some how a legal basis for it according to their own support policies.

Checkout here the list!

DeviceRelease DateEnd of Servicing Date
Surface RT1October 26, 2012April 11, 2017
Surface Pro1February 9, 2013April 11, 2017
Surface 21October 22, 2013April 10, 2018
Surface Pro 21October 22, 2013April 10, 2018
Surface Pro 3June 20, 2014November 13, 2021
Surface 3May 5, 2015November 13, 2021
Surface BookOctober 26, 2015November 13, 2021
Surface Pro 4October 26, 2015November 13, 2021
Surface Book with Performance BaseNovember 10, 2016November 13, 2021
Surface Studio (1st gen)December 15, 2016November 13, 2021
Surface Laptop (1st gen)June 14, 2017November 13, 2021
Surface Pro (5th gen)June 15, 2017November 13, 2021
Surface Book 2November 17, 2017November 17, 2021
Surface Pro LTE (Model 1807)December 1, 2017December 1, 2021
Surface GoAugust 2, 2018August 2, 2022
Surface Studio 2October 2, 2018October 2, 2022
Surface Laptop 2October 16, 2018October 16, 2022
Surface Pro 6October 16, 2018October 16, 2022
Surface Go with LTE AdvancedNovember 20, 2018November 20, 2022
Surface Laptop 3October 22, 2019October 22, 2023
Surface Pro 7October 22, 2019October 22, 2023
Surface Pro XNovember 5, 2019November 5, 2023
Surface Go 2May 6, 2020May 6, 2024
Surface Book 3May 26, 2020May 26, 2024
Surface Pro X SQ2October 13, 2020October 13, 2024
Surface Laptop GoOctober 13, 2020October 13, 2024

1. Indicates devices with a previously declared end of firmware/driver servicing support date.


More details especially also the differentiation on device support and OS version support you will find here: https://docs.microsoft.com/en-us/surface/surface-driver-firmware-lifecycle-support


To dig deeper its also very helpful to checkout the surface update history which is found here: https://support.microsoft.com/en-us/help/4036283