Azure Active Directory simplifies IT infrastructure management by providing a single place to store information about digital identities. But this convenient Identity and Access Management (IAM) system comes pre-configured with only basic features and security settings. For example, the default setting for Azure storage accounts allows access from anywhere, including the internet.

One of the commonly recommended solutions to increase the security of user accounts in the on-premise Active Directory is to require two-factor authentication using Smart Cards. Not everyone knows that Windows Smart Card implementation has undergone a significant change years ago that has not been clearly reflected in the publicly available documentation. Since Public Key Infrastructure (PKI) security is not a typical piece of knowledge, therefore many enterprises may be at risk.

It’s your friendly neighborhood Microsoft Security Advisor, back with more tricks to keep your network safe. Despite your best efforts to protect your data, unencrypted network protocols might still be used. We show you how to use IPsec and SMB protection to create a web of protection around your information.