Isn’t Microsoft pushing everyone to host their AD on Azure now?
HubertManne@piefed.social
on 17 Jun 16:28
I mean, even if not, it's a virtual machine, but they should still have control and backup/disaster recovery. So they could mass download all keys and encrypt it and put it on some other storage. I mean things like that should be done, but as a tech person who has worked with this kind of thing I never am really satisfied with any backup and disaster recovery I have come across. Scratch that. Cars.com did a pretty good job overall and I imagine some other large corps do, but it's amazing how many don't.
Yep, in several countries including where I live. Several government institutions and state-owned companies have been using M$ Azure since 2 years ago.
Sure, they want you to use Azure AD (now called Entra ID) or maybe Entra Domain services.
But they are absolutely not stopping anyone from hosting their own AD like normal. There even came a few nice improvements to AD in Windows Server 2025 so it’s actively being developed. Server 2025 is being supported until 2034. So AD will be supported until AT LEAST 2034 but very very likely much longer.
Nowadays it’s very common to have a hybrid setup with AD and Entra ID where users and devices sync to Entra ID from AD.
Many features are available in AD and/or Entra ID (or any of the other related cloud services like Intune). For example: you can choose if you want your BitLocker keys backed up to Entra or AD.
AD will likely stay relevant for many decades to come. Especially for larger companies with special requirements.
Forced BitLocker encryption without keeping the keys in a separate area accessible to you is just adding ransomware to your own device.
iAmTheTot@sh.itjust.works
on 17 Jun 16:37
Am I missing something? Doesn’t Microsoft provide keys associated with your accounts? I had to unlock mine once and I just had to access it on my account page.
phdepressed@sh.itjust.works
on 17 Jun 18:06
And if you don’t remember your Microsoft account because you originally had a local account on win10?
iAmTheTot@sh.itjust.works
on 17 Jun 19:05
Go through the steps to recover that account through Microsoft, I would reckon.
fuckwit_mcbumcrumble@lemmy.dbzer0.com
on 17 Jun 19:54
You have to sign in to get converted to a Microsoft account. It doesn’t magically give you a Microsoft account without your login info.
The title is wrong. Most, if not all new phones have forced encryption. Macs have forced encryption (I think can be disabled, but it’s encrypted by default).
Windows shows how crap software can lose you data.
This encryption should be, under good design circumstances, transparent. I’d wager that almost all Apple operating system users have little to no idea everything is locally encrypted.
some_guy@lemmy.sdf.org
on 17 Jun 17:44
This is why I have multiple backups. But I’m a nerd who likes computers and has money. Not everyone has the means or knowledge to do the same. Users are getting screwed more and more by corporations and the decisions they force on their customers. Capitalism is long past the part where we could pretend that it was good for regular people. We’re in the finding-out phase from here on.
Zedd_Prophecy@lemmy.world
on 17 Jun 19:23
I am a nerd without money - I have 3 drives, 2 that live offsite. 6gb humble spinny drives. Everything that’s important to me gets copied to these drives - I’m not using any fancy software - it’s a cut and paste job from a few Linux laptops and a desktop. I still have all my original wav file and games backup from 1998 with this method (though then they were on 10 zip discs). It just takes a little due diligence to back up your data.
I don’t think I grasp this at all. They say the encryption is forced, so that means that I can’t just access my files with Linux or whatever? But then at the end they say to use an extra hard drive as backup, so that can’t be right. Is their problem that the cloud storage is encrypted? Wouldn’t it be a huge, glaring issue if it wasn’t? Regardless, I would expect to be locked out of my files on a cloud storage service I got locked out of, so I don’t know what encryption has to do with it. I don’t get it.
towerful@programming.dev
on 17 Jun 22:12
I had an offline Windows account on my laptop.
I was freelancing for a company that gave me a Microsoft account.
I logged into Teams, but was very careful not to assign my laptop to that account. I had to use Teams, but I didn’t want my client to manage my device.
Shortly after, I installed Linux, which broke Windows BitLocker, and I had to get my BitLocker key.
I hadn’t set up BitLocker, I wasn’t expecting it. As far as I was concerned, I had bricked my device.
On a hunch of “hmm, maybe”, I checked my Microsoft account from the client, and it has a BitLocker key which unlocked my Windows install.
At which point, I disabled BitLocker and now primary Linux.
But yeh, in my experience BitLocker is transparently applied during Windows install and you never know your BitLocker key. If you never log in to a Microsoft account, you will never be able to recover it if you don’t save it in advance. And if you don’t know it’s happened, why would you know to save it in advance?!
The fact that I was able to recover my BitLocker key for my offline/local Windows account because I had installed & logged in to Teams via a client-provided Microsoft account is strange as fuck.
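One way to check for the situation described in the comment above and save the recovery password in advance, as an added example that is not part of the original thread. It uses the built-in BitLocker PowerShell cmdlets from an elevated session; the `E:\bitlocker-recovery` backup path is an assumption and should point at separate storage that is kept physically safe.

```powershell
# Added example: audit BitLocker state and save recovery passwords off-device.
# Run from an elevated PowerShell session.
param(
    # Assumption: E: is removable or otherwise separate storage,
    # not one of the volumes being audited.
    [string]$BackupDir = 'E:\bitlocker-recovery'
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($vol in Get-BitLockerVolume) {
    # FullyDecrypted means there is no ciphertext to be locked out of.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        Write-Host "$($vol.MountPoint) is not encrypted"
        continue
    }

    $recovery = @($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    if ($recovery.Count -eq 0) {
        # Encrypted, but no recovery password exists yet: create one now
        # so there is something to fall back on if the normal unlock fails.
        Write-Warning "$($vol.MountPoint) has no recovery password; adding one"
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint `
            -RecoveryPasswordProtector | Out-Null
        $recovery = @((Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }

    # One file per volume; the protector ID is what the recovery screen
    # shows, so it identifies which password to type.
    $name = 'recovery-{0}-{1}.txt' -f $env:COMPUTERNAME, $vol.MountPoint.TrimEnd(':\')
    $recovery | ForEach-Object {
        "Volume: $($vol.MountPoint)  ID: $($_.KeyProtectorId)  Password: $($_.RecoveryPassword)"
    } | Set-Content -Path (Join-Path $BackupDir $name)

    Write-Host "$($vol.MountPoint): $($recovery.Count) recovery password(s) saved to $BackupDir"
}
```

In a domain or Entra-joined environment the same protector can also be escrowed with `Backup-BitLockerKeyProtector` (AD DS) or `BackupToAAD-BitLockerKeyProtector` (Entra ID), matching the choice mentioned earlier in the thread.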
fruitcantfly@programming.dev
on 17 Jun 22:45
Linux supports BitLocker encrypted partitions. You just have to specify the BitLocker recovery-key in your fstab file or on the command-line. I’ve been dual-booting with disk encryption enabled on both Linux and Windows for several years, using that functionality.
I wonder how this is going to work in government offices....
They’ve been using forced BitLocker for years.
The keys are on the in-house domain servers though.
Right well the fellow on Reddit got kicked out of their account by Microsoft.
God, zip drives were so cool.
I salute you for having offsite backups. That’s the mark of someone doing it right.
It’s all right, people!
Just backup your data on another non encrypted device, or back it up on the Microsoft cloud where it’s absolutely safe from prying eyes, pinky promise!
Seriously, if you’re using Microsoft windows I will think less of you and you’re getting exactly what you paid for.
Microsoft’s latest Ransomware dubbed Windows 11…