With Identity Access Services Hardening, the goal is to prepare your most mission-critical workloads by configuring your identity management service (Active Directory) according to best practices, reducing the attack surface and protecting your business assets. This consulting service will also allow you to sync Active Directory with Azure Active Directory safely. We consider Identity Access Services the foundation for Microsoft 365 services, and for this reason it is very important to keep the identity and access services healthy so that the Microsoft 365 ecosystem can be managed efficiently.
The tools available to protect these resources are the implementation of the Active Directory Tier Model and Local Admin Password Solution (LAPS).
LAPS - Local Admin Password Solution:
Microsoft Local Administrator Password Solution (LAPS) provides local administrator account password management for domain-joined computers. Passwords are set randomly and stored in Active Directory (AD), protected by ACLs, so that only eligible users can read them or request a reset. Companies often use device imaging products and clone computers with the same local administrative password. The result is a multitude of devices sharing the same local administrative credentials; once intercepted, those credentials grant administrator rights on every machine that uses them, opening the way to lateral movement by any attacker or threat.
Why is the implementation of LAPS important?
Because with LAPS these processes are integrated and automated and, not to be underestimated, they are supported by Microsoft, unlike the scripts and custom solutions used in the past.
Local Administrator Password Solution (LAPS) allows you to:
Active Directory Tier Model:
The Active Directory Tier Model improves threat containment within a security zone where network isolation is not effective or sufficient. To understand how important it is to manage administrative levels, consider credential theft techniques such as "Pass the Hash" or "Pass the Ticket", which often originate from a logon with level 0 or level 1 administrative privileges on a standard user's PC. Such a logon exposes those credentials on the PC, potentially allowing an attacker who has access to it to move laterally and escalate to administrative privileges over Active Directory. Implementing the tiered model therefore helps significantly mitigate the credential theft that drives the most frequent security breaches.
Agenda:
The total tiering activity (all 3 levels) is difficult to quantify because it involves the administrative department and requires continuous changes made so as to have the least possible impact on productivity. For this reason, we will complete the whole of Tier 2 in collaboration with the customer, so that the customer can continue autonomously with the higher levels.