<div>
signing &nbsp;== maybe but you can get an authenticode cert from a public CA<br />
encryption -- only for https/ftps again public CA or letsencrypt. SMB can be encrypted and is the default for S2K16+, RDP will use self signed or from public CA or your own CA<br />
TPM &nbsp;not needed at all.
</div>


signing  == maybe but you can get an authenticode cert from a public CA
encryption -- only for https/ftps again public CA or letsencrypt. SMB can be encrypted and is the default for S2K16+, RDP will use self signed or from public CA or your own CA
TPM  not needed at all.

David M

<div>
<div class="content wysiwyg-content">
I am trying to develop some software for a company. This company has at IT department with active directory. I would like to talk with IT, about getting Active Directory Certificate services setup so I can be issues with a Internal Cert to sign my app.<br />
What documentation does Microsoft release regarding if they recommend AD CS. Is there any documentation that says if a domain doesn’t have a AD CS its not complete or its not whole?<br />
Im sort of looking for historical document too. I want to be able to demonstrate to management the importance of AD CS for signing encryption and use of TPM on our laptops.<br />
Thank you in advance for your help.
</div>
</div>


I am trying to develop some software for a company. This company has at IT department with active directory. I would like to talk with IT, about getting Active Directory Certificate services setup so I can be issues with a Internal Cert to sign my app.
What documentation does Microsoft release regarding if they recommend AD CS. Is there any documentation that says if a domain doesn’t have a AD CS its not complete or its not whole?
Im sort of looking for historical document too. I want to be able to demonstrate to management the importance of AD CS for signing encryption and use of TPM on our laptops.
Thank you in advance for your help.

Active Directory Certificate services question

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.