Presentation is loading. Please wait.

Presentation is loading. Please wait.

Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next.

Published byNeil Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next."— Presentation transcript:

1

2

3 Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next in the cloud

4

5 Research & Preparation First Workstation Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker Undetected) 11-14 months Attack Discovered External attackers find admins Use spear-phishing, password guessing,... Leverage Active Directory for lateral movement

6

7 Learn more at CDP-B415 “JEA: A PowerShell Toolkit to Secure a Post-Snowden World” Tuesday, October 28 5:00 PM - 6:15 PM Room: Hall 8.1 Room J

8 Users might have rights they don’t need (and don’t know they have)

9 Least Privilege – Just in Time (JIT) Access, part of Best Practices for Securing AD #7: Eliminate permanent membership in highly privileged groups. #8: Grant temporary membership in privileged groups when needed.

10

11 Prepare Which users have privileged access rights based on AD groups? Protect Step-up lifecycle and AuthN protection of privileged user accounts Operate Users can request Just In Time (JIT) and Just Enough administrator access privileges Monitor Additional auditing, alerts & reports, of privileged access requests

12

13

14

15 Existing AD (without JIT) “CORP” Existing AD Forest(s) WS 2003 or later Existing Apps leverages AD/Kerberos User: CORP\Jen Groups: CORP\File Admins Refresh after: 1 week dn: cn=File Admins,dc=corp member: cn=Jen, dc=corp... User “Jen”

16 Privileged Access Management trust for admin access Microsoft Identity Manager vNext “PRIV” AD DS WS vNext Existing Apps access request User “Jen” leverages AD/Kerberos User: PRIV\JenAdmin Groups: CORP\File Admins Refresh after: 60 minutes dn: cn=File Admins,dc=corp member: cn=Jen, dc=corp... Group: File Admins Domain: CORP Candidates: Jen dn: cn=CORP File Admins dn: cn=JenAdmin member: cn=JenAdmin UNTIL 1 hour from now “CORP” Existing AD Forest(s) WS 2003 or later

17 MIM Service AD DS vNext AuthZ WF Action WF MPR New-PAMRequest MIM Service DB User Group PAM Role Event Log PAM Request Microsoft Identity Manager PowerShell runas whoami /groups

18

19

20

21

22 Tue, Oct 28 5:00 PM - 6:15 PMCDP-B415JEA: A PowerShell Toolkit to Secure a Post-Snowden World Wed, Oct 29 8:30 AM-9:45 AMEM-B316Directory Integration: Creating One Directory with Active Directory and Azure Active Directory Wed, Oct 29 3:15 PM-4:30 PMEM-B319Microsoft Identity Manager vNext Overview Wed, Oct 29 3:15 PM-4:30 PMCDP-B210Cloud Identity: Microsoft Azure Active Directory Explained Wed, Oct 29 5:00 PM-6:15 PMEM-B318Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy Thu, Oct 30 10:15 AM-11:30 AMCDP-B312Microsoft Azure Active Directory Premium, in Depth Fri, Oct 31 2:45 PM-4:00 PMEM-B313Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud Thu, Oct 30 12:00 PM-1:15 PMEM-B310Active Directory + BYOD = Peace of Mind Thu, Oct 30 5:00 PM-6:15 PMDEV-B322Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management Fri, Oct 31 8:30 AM-9:45 AMCDP-B207Securing Organizations: Azure Active Directory Intelligence as a Differentiator Fri, Oct 31 2:45 PM - 4:00 PMCDP-B313Leveraging Service Management Automation and Windows PowerShell JEA in Service Provider Operations

23

24 www.microsoft.com/learning http://developer.microsoft.com http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd

25

26

27

Download ppt "Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next."

Similar presentations

Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Identity Manager vNext

Identity Manager vNext
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 

{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 
@NEXTXPERT Improvements that Microsoft has made in the Windows platforms have driven BAD GUYS to new tactics.

@NEXTXPERT Improvements that Microsoft has made in the Windows platforms have driven BAD GUYS to new tactics.
19 % System Center FY14 Revenue Growth +6700 Large enterprises actively using SC 63% SC customers actively using SCOM 30% SC customers still using.

19 % System Center FY14 Revenue Growth Large enterprises actively using SC 63% SC customers actively using SCOM 30% SC customers still using.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
What is Azure Multi-Factor Authentication? An Azure Identity and Access management service that prevents unauthorized access to both on- premises.

What is Azure Multi-Factor Authentication? An Azure Identity and Access management service that prevents unauthorized access to both on- premises.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.

IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Mobility is the new normal 52% of information workers across 17 countries report using three or more devices for work* 52% 90% of enterprises will have.

Mobility is the new normal 52% of information workers across 17 countries report using three or more devices for work* 52% 90% of enterprises will have.
4/19/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/19/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Overview of Access and Information Protection

Overview of Access and Information Protection
Single Sign-On with Microsoft Azure

Single Sign-On with Microsoft Azure
Microsoft ® Official Course Module 13 Implementing Windows Azure Active Directory.

Microsoft ® Official Course Module 13 Implementing Windows Azure Active Directory.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Similar presentations

Ads by Google