Three Active Directory vulnerabilities were addressed in the October 2021 Updates

Windows Update

When looking at the October 12th, 2021 updates today, I noticed three updates that specifically address vulnerabilities in Active Directory Domain Services and DNS. These vulnerabilities affect domain controllers at the heart of many networking infrastructure environments.

About the vulnerabilities

Three vulnerabilities were addressed:

CVE-2021-40460 RPC Runtime Security Feature Bypass Vulnerability

CVE-2021-40460 is a vulnerability that could allow an attacker to bypass Extended Protection for Authentication provided by servicePrincipalName (SPN) target name validation over the network. The CVSSv3 score of this vulnerability is 6.5/5.7.

An update is available for all supported Operating Systems.

CVE-2021-40469 DNS Server Remote Code Execution Vulnerability

CVE-2021-40469 is a remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account over the network. The CVSSv3 score of this vulnerability is 7.2/6.5.

Proof of Concept (PoC) code for attacking this vulnerability already exists.

An update is available for (domain controllers running as) DNS servers running Windows Server 2008, and up.

CVE-2021-41337 Active Directory Security Feature Bypass Vulnerability

CVE-2021-41337 is a vulnerability that could allow an attacker to bypass Active Directory domain permissions for the Key Admins and Enterprise Key Admins groups over the network. The CVSSv3 score of this vulnerability is 4.9/4.3.

An update is available for domain contollers running Windows Server 2016, and up, as the above groups were introduced with Windows Server 2016.

Call to action

I urge you to install the necessary security updates on Windows Server installations, running as (Active Directory Domain Controllers and) DNS servers, in a test environment as soon as possible, assess the risk and possible impact on your production environment and then, roll out this update to Windows Server installations, running as (Active Directory Domain Controllers and) DNS Servers, in the production environment.

0  

Three vulnerabilities in AD FS were addressed at this month's Patch Tuesday

Windows Update

When looking at the October 2021 Patch Tuesday today, I noticed three updates that specifically address vulnerabilities in Active Directory Federation Services (AD FS).

About the vulnerabilities

Three vulnerabilities were addressed today:

CVE-20221-40456 AD FS Security Feature Bypass Vulnerability

CVE-2021-40456 is a vulnerability that could allow an attacker to bypass BannedIPList entries for WS-Trust workflows in Active Directory Federation Services (AD FS) over the network. The CVSSv3 score of this vulnerability is 5.3/4.6.

This vulnerability only exists in AD FS servers running Windows Server 2019, Windows Server 2022, Windows Server, version 2004 and Windows Server, version 20H2.

CVE-2021-26442 HTTP.sys Elevation of Privilege Vulnerability

CVE-2021-26442 is a vulnerability that could allow an attacker to elevate to SYSTEM privileges on the local AD FS server. The CVSSv3 score of this vulnerability is 7.0/6.1. The vulnerability was responsibly disclosed by Erik Egsgard with Field Effect Software.

This vulnerability exists in AD FS servers running Windows Server 2008, and up.

CVE-2021-41361 AD FS Spoofing Vulnerability

CVE-2021-41361 is a vulnerability in AD FS during the logout redirect request to cross-site scripting of the post logout redirect URI. An attacker who successfully exploited this vulnerability over the network could leave an application using this AD FS library vulnerable to common XSS attacks. The CVSSv3 score of this vulnerability is 5.4/4.7. The vulnerability was responsibly disclosed by Nadish Shajahan.

This vulnerability exists in AD FS servers running Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server, version 2004 and Windows Server, version 20H2.

Call to action

I urge you to install the necessary security updates  on Windows Server installations, acting as Active Directory Federation Services (AD FS) servers, in a test environment as soon as possible, assess the risk and possible impact on your production environment and then, roll out this update to Windows Server installations, acting as Active Directory Federation Services (AD FS) servers, in the production environment.

0  

Veeam Backup and Replication v11a offers new support capabilities

Veeam Availability`Suite 9.5 Update 3a

Two weeks ago, we saw the release of Veeam Backup and Replication version 11a. Veeam Backup & Replication 11a is the newer build of version 11. This update includes over 2000 enhancements and fixes based on customer feedback. It also includes fixes from all cumulative patches for the original v11 release.

What's New

Veeam Backup and Replication v11a adds the following new features and enhancements:

Platform support

With v11a, Veeam Backup and Replication brings support for:

  • Microsoft Windows Server 2022
  • Microsoft Windows 10 21H1
  • Microsoft Windows 11 based on the pre-release build
  • Microsoft Azure Stack HCI 21H2
  • Red Hat Enterprise Linux 8.4
  • CentOS 8.4
  • Ubuntu 21.04
  • Debian 11
  • SUSE Linux Enterprise Server (SLES) 15 Service Pack 3
  • OpenSUSE Leap 15.3
  • Fedora 34
  • VMware Cloud Director 10.3
  • VMware VMC 15
  • VMware vSphere 7.0 Update 3 based on the pre-release build

Cloud support

With v11a, Veeam Backup and Replication brings support for:

  • Google Cloud Platform (GCP)
  • Native backup and recovery to Amazon Elastic File System (Amazon EFS) systems and Microsoft Azure SQL Databases
  • Amazon S3 Glacier and Glacier Deep Archive, Microsoft Azure Archive Storage and Google Cloud Archive storage
  • Integrations with AWS Key Management Service (KMS) and Azure Key Vault

On-premises support

With v11a, Veeam Backup and Replication brings support for:

  • Instant Recovery to Nutanix AHV
  • Centralized management for IBM AIX and Oracle Solaris protection
  • Red Hat Virtualization (RHV) v4.4.7, and up based on the supported public beta
  • Kasten by Veeam K10 integration based on the upcoming Kasten K10 v4.5

Concluding

As Veeam Backup and Replication v11 doesn't support vSphere 7.0 Update 3, natively, version 11a is a welcome update.

Further reading

Veeam Backup for Microsoft Office 5d adds support to install on top of VBR 11a  
What Veeam Backup & Replication v11 means for Identity-focused admins
Veeam Backup and Replication version 10a adds support for the latest technology

0  

HOWTO: Provide access to Employees Only in Azure AD

Azure Active Directory

Azure Active Directory is extremely versatile and offers profound ways to share applications, data and functionality with people outside your organization. However, sometimes you don't want to share things with people outside your organization. Here's how.

 

The problem with All Users

One of the first things you need to realize in Azure AD when it comes to user management is that the All Users group, really includes all users. The All Users group includes guest accounts, too.

Guest accounts are user objects that stem from an invitation that was sent out by (a user in) your organization to a person that you(r organization) want(s) to collaborate with. Default settings in Azure AD allow any person with a user object in Azure AD to invite others, and allows invited people to allow others, as well. It's a gift that keeps on giving…

In Conditional Access, an 'All Guests' option is available, but no 'Employees-only' option. To compound to the challenge is the fact that certain Conditional Access mechanisms only work when you apply the policy to the All Users scope. For instance, the Office 365 app may work in unexpected ways when you don't apply it to the All Users scope.

 

 

Differentiating between Employees and Guests

Guest accounts have two distinct attributes that set them apart from user accounts:

  • Their userPrincipalName attribute contains the string '#EXT#@'
  • Their user type is typically 'Guest', not 'Member'.

Note:
Azure AD admins can change the usertype for a guest to make the account become a member.

 

HOWTO: Create an Azure AD group with employees only

To create an Azure AD group with employees only, perform these steps:

  • Sign in to the Azure AD portal using an account that has the Global administrator or Groups administrator role assigned.
  • In the left navigation pane, click on (the icon of) Azure Active Directory.
  • In Azure AD’s navigation menu, click on Groups.
  • Click + New group.
  • In the New Group pane, specify the following information:
    • For Group Type select Security from the drop-down list
    • As the Group name specify a group name that fits the organization’s naming convention.
    • Use the Group description to denote that this group contains employees only.
    • As the Membership type select Dynamic User.
  • Click the Add dynamic query link.
  • Click + Add expression.
  • First, select userType. Select the Equals operator and then Member as the value.
  • Click + Add expression again.
  • Select userPrincipalName. Select the Not Contains operator and then #EXT#@ as the value.
  • The Rule syntax field now displays:

(user.userType -eq "Member") and (user.userPrincipalName -notContains "#EXT#@")

  • Click the Save button at the top of the Dynamic membership rules pane.
  • Click the Create button at the bottom of the New Group pane.

 

Use this group with Conditional Access

As this is a security group, you can use the group in your Conditional Access policies to differentiate between guest users and employees, as soon as the group is populated.

Note:
Dynamic group population may take up to an hour.

Perform these steps:

  • Sign in to the Azure AD portal using an account that has the Global administrator or Conditional Access administrator role assigned.
  • In the left navigation pane, click on (the icon of) Azure Active Directory.
  • In Azure AD’s navigation menu, click on Security.
  • In the Security navigation menu, click Conditional Access.
  • Click the + New policy link at the top of the Policies pane.
  • In the New pane, for the Name field, provide a name for the Conditional Access policy that fits the organization’s naming convention.
  • Click the 0 users and groups selected link beneath Users and groups in the Assignments area.
  • Click Select users and groups and then Users and groups.
    The Select blade appears.
  • Type the name of the previously created group in the search box. Select its search result.
  • Click the Select button at the bottom of the Select blade to select the group and close the blade.
  • Specify the rest of the Conditional Access policy's Assignments and Access controls.
  • Set the Enable policy switch to On at the bottom of the New pane.
  • Click the Create button.

Once the group is populated, Conditional Access provides the access controls to  employees only.

 

Use this group to provide access to applications

When you want to use this group to assign applications, and effectively lock out guest users, perform these steps:

  • Sign in to the Azure AD portal using an account that has the Global administrator or Application administrator role assigned.
  • In the left navigation pane, click on (the icon of) Azure Active Directory.
  • In Azure AD’s navigation menu, click on Enterprise applications.
  • From the list of available cloud apps, select the app for which you want to provide access to employees only.
  • In the app's navigation menu, click Properties.
  • On the Properties pane for the app, set the option for User assignment required? to Yes.
    This option prevents guest users from accessing the application using a shared url.
  • In the app's navigation menu, click Users and groups.
  • Click the + Add user/group link at the top of the Users and groups pane.
  • Click the None Selected link underneath Users and groups.
    The Users and groups blade appears.
  • Type the name of the previously created group in the search box. Select its search result.
  • Click the Select button at the bottom of the Users and groups blade to select the group and close the blade.
  • Click the Assign button at the bottom of the Add Assignment pane.

Once the group is populated, the app is accessible to employees only.

Note:
Dynamic group population may take up to an hour, so you might want to wait for population of the group, before limiting access to apps…

 

Concluding

An 'Employees only' group would probably be a good idea for Azure AD.

0  

What's New in Microsoft Defender for Identity in September 2021

Microsoft Defender for Identity

Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.

It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.

Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).

 

What's New

In September 2021, one new version of Microsoft Defender for Identity was released, introducing the following improvements:

 

New Security Alert

A new security alerts was added: gMSA account password was retrieved by a user

In this detection, initially released with Microsoft Defender for Identity release 2.161, a security alert is triggered whenever a user successfully retrieves the password of a group Managed Service Account (gMSA).

Note:
This detection relies on Windows event 4662, so it must be configured beforehand.

 

Improvements and bug fixes for internal sensor infrastructure

The september 12, 2021 Defender for Identity release includes improvements and bug fixes for the internal sensor infrastructure.

0  

On-premises Identity-related updates and fixes for September 2021

Windows Server 2022

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. Additionally, Windows Server 2022 received its first share of updates, last month.

These are the Identity-related updates and fixes we saw for September 2021:

 

Windows Server 2016

We observed the following updates for Windows Server 2016:

KB5005573 September 14, 2021

The September 14, 2021 update for Windows Server 2016 (KB5005573), updating the OS build number to 14393.4651 is a monthly cumulative update.

It includes one Identity-related quality improvement. It addresses an issue that causes Authentication Mechanism Assurance (AMA) to stop working. This issue occurs when you migrate to Windows Server 2016 (or newer versions of Windows) and when using AMA in conjunction with certificates from Windows Hello for Business.

 

Windows Server 2019

We observed the following updates for Windows Server 2019:

KB5005568 September 14, 2021

The September 14, 2021 update for Windows Server 2019 (KB5005568), updating the OS build number to 17763.2183 is a monthly cumulative update.

It includes the following Identity-related quality improvements:

  • It addresses an issue that causes Authentication Mechanism Assurance (AMA) to stop working. This issue occurs when you migrate to Windows Server 2016 (or newer versions of Windows) and when using AMA in conjunction with certificates from Windows Hello for Business.
  • It addresses an issue that might occur when you configure the Delete user profiles older than a specified number of days on system restart Group Policy setting. If a user has been signed in for longer than the time specified in the policy, the device might unexpectedly delete profiles at startup.
  • It addresses a race condition in the server message block (SMB) client that might slow the I/O for a connection until the I/O times out.

 

KB5005625 September 21, 2021 Preview

The September 21, 2021 update for Windows Server 2019 (KB5005625), updating the OS build number to 17763.2210 is a preview update.

It includes the following Identity-related quality improvements:

  • It addresses an issue that causes the system time to be incorrect by one hour after a daylight saving time (DST) change.
  • It addresses an issue with a non-paged pool (NPP) leak from the UxSF pool tag. This leak occurs when lsass.exe stops processing asynchronous Security Support Provider Interface (SSPI) calls.
  • It addresses an issue that causes the configuration for multiple artifact DB support across datacenters to fail for Security Assertion Markup Language (SAML) artifacts.
  • It addresses an issue that causes the LsaLookupSids() function to fail. This occurs when there are security identifiers (SID) for users that no longer exist in a group that contains cross-domain trusted users.
  • It addresses an issue that fails to apply the post_logout_redirect_uri= parameter when you use an External Claims Provider.
  • It addresses an issue that might create duplicate built-in local accounts, such as an administrator or guest account, during an in-place upgrade. This issue occurs if you previously renamed those accounts. As a result, the Local Users and Groups MMC snap-in (lusrmgr.msc) appears blank with no accounts after the upgrade. This update removes the duplicate accounts from the local Security Account Manager (SAM) database on the affected machines. If the system detected and removed duplicate accounts, it logs a Directory-Services-SAM event, with ID 16986, in the System event log.
  • It adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the Package Point and Print – Approved Servers and Point and Print Restrictions Group Policy settings.

This update also introduces the RestrictDriverInstallationToAdministrators registry value with data configured as 1 in HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.

 

Windows Server 2022

We observed the following updates for Windows Server 2022:

KB5005575 September 14, 2021

The september 14, 2021 update for Windows Server 2022 (KB5005575), updating the OS build number to 20348.230 is a monthly cumulative update.

It includes one Identity-related quality improvement. It addresses an issue that prevents the ShellHWDetection service from starting on a Privileged Access Workstation (PAW) device and prevents you from managing BitLocker drive encryption.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.

 

KB5005619 September 27, 2021 Preview

The September 27, 2021 update for Windows Server 2022 (KB5005619), updating the OS build number to 20348.261 is a preview update.

It includes the following Identity-related quality improvements:

  1. It addresses an issue with forcibly resetting a device when a Group Policy is being updated. As a result, the device stops responding.
  2. It addresses an issue that causes a memory leak in lsass.exe when the pTokenPrivileges buffer is not released.
  3. It addresses a Primary Refresh Token (PRT) update issue that occurs if VPN users sign in using Windows Hello for Business when the VPN connection is offline. Users receive unexpected authentication prompts for online resources that are configured for user sign-in frequency in Conditional Access.
  4. It addresses an issue with a non-paged pool (NPP) leak from the UxSF pool tag. This leak occurs when lsass.exe stops processing asynchronous Security Support Provider Interface (SSPI) calls.
  5. It addresses an issue that might prevent users from signing in to a domain controller with Directory Services Restore Mode (DSRM) over Remote Desktop or Hyper-V Enhanced Session.
  6. It addresses an issue that causes LogonUI.exe to stop working because Direct Manipulation fails to start
  7. It addresses an issue that prevents access to files that are on a Server Message Block (SMB) share when you enable Access-based Enumeration.
    • It adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the Package Point and Print – Approved Servers and Point and Print Restrictions Group Policy settings.

This update also introduces the RestrictDriverInstallationToAdministrators registry value with data configured as 1 in HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. It addresses an issue that might prevent the February 11, 2021 update against a Secure Boot Security Feature Bypass Vulnerability CVE-2020-0689 from installing and generates the following error in the Windows cbs.log file:

TRUST_E_NOSIGNATURE

0  

Teasing the Second Edition of my Active Directory Administration Cookbook

With the General Availability of Windows Server 2022, everybody looks at the learning community to get up to speed with Microsoft's latest and greatest Windows Server operating system (OS).

From that perspective, I'm happy to announce that I started work on the Second Edition of my Active Directory Administration Cookbook.

 

What's changing?

Here's what I'm changing in the Second Edition, compared to the original Active Directory Administration Cookbook:

Windows Server 2022

The first edition of the Active Directory Administration Cookbook, the five-star-rated book on managing Active Directory, released on May 3, 2019, was entirely based on how to do things on Windows Server 2019.

This time around, I'm going through all the recipes on Windows Server 2022 to see what's changed. Don't expect a lot of changes in most chapters, though, except for the addition of Windows Admin Center possiblities.

Azure Active Directory

The first edition of the Active Directory Administration Cookbook features three chapters on Azure AD Connect and Active Directory.

The chapters on Azure AD Connect will be updated with recipes focusing on Azure AD Connect v2. I may add one or two recipes for Azure AD Connect Cloud Sync, but I haven't deciced yet.

As the chapter on Securing Azure AD still features baseline policies, it is definitely time for an overhaul. You can expect to see up to date information in this regard.

DNS and Certificates

In the first edition of the Active Directory Administration Cookbook, I had to make some tough choices to reach the desired page count of 550 pages. The book counts 620 pages, so I guess I didn't do a really good job…

For the Second Edition, we can go to 700 pages. This time around, I have room to provide recipes for the Domain Name System (DNS) and for Active Directory Certificate Services (AD CS). It means the Second Edition gets two additional chapters, but also that the book probably falls in a different price category.

PowerShell and Command Prompt

Many of the recipes targeting Active Directory show how to achieve your goal in the Graphical User Interface (GUI), on the Command Prompt and with Windows PowerShell.

In a possible third edition of the Active Directory Administration Cookbook, I'm planning on removing the Command Prompt methods. I haven't used most Command Prompt tools in a long time and I feel most of you haven't either…

 

Stay tuned!

The Second Edition of the Active Directory Administration Cookbook is due for the first quarter of 2022.

0  

Azure AD Connect v2.0.28.0 addresses four issues

Azure AD Connect

The lost two months have been a bonanza for Azure AD Connect releases. Today, Microsoft released version 2.0.28.0 of Azure AD Connect as a maintenance update for it's free solution to synchronize objects from Active Directory and LDAPv3-compatible identity stores to Azure AD.

 

What's Fixed

Installation on servers with .NET Framework v4.6+

Microsoft addressed an issue where the Azure Active Directory Connect Wizard was incorrectly blocking the installation, when the .NET Framework version on the Windows Server installationwas greater than version 4.6, due to missing registry keys.

These registry keys are not required and should only block installation if they are intentionally set to false.

Phantom Object detection

Microsoft addressed an issue where an error would be thrown if phantom objects are found during during the initialization of a synchronization step. This would block the step or remove transient objects. The phantom objects are now ignored.

Note:
A phantom object is a placeholder for an object which is not there or has not been seen yet. If a source object has a reference for a target object which is not there, then Azure AD Connect creates the target object as a phantom object.

 

What's Changed

Group WriteBack script reference

On the Group Writeback page in the Azure Active Directory Connect Wizard, Microsoft removed the download button for the Windows PowerShell script.

The text on the page was changed to include a learn more link, which links to the online article where the Windows PowerShell script can be found.

 

Deselecting objects and attributes that are in use

A change was made that allows an admin to deselect objects and attributes from the inclusion list, even if they are in use. Instead of blocking this, Microsoft now provides a warning, when doing so.

 

Version information

This is version 2.0.28.0 of Azure AD Connect.
This release in the 2.x branch for Azure AD Connect was made available for download as a 153 MB weighing AzureADConnect.msi on September 30, 2021.

Note:
This is the sixth release of Azure AD Connect v2.x that does not allow automatic upgrades.

1  

Veeam Backup for Microsoft Office 5d adds support to install on top of Veeam Backup & Replication 11a

Veeam Backup for Microsoft Office 365

This week, we saw the release of version 5d of Veeam Backup for Microsoft Office 365. Version 5d with build number 5.0.3.1033 provides support for Veeam Backup and Replication 11a. However, it doesn't offer compatibility with Windows Server 2022.

 

What's New

Veeam Backup for Microsoft Office 5d offers support for installations on top of Veeam Backup & Replication 11a.

 

What's Fixed

Backup

  • A retry is not initiated for OneNote and Excel files that have been changed during backup and failed to be processed with the following warning:

The remote server returned an error: (409) Conflict

  • Under certain conditions, in hybrid organizations, adding some users to a backup job fails with the following error:

An item with the same key has already been added

 

Restore

  • In Veeam Explorer for Microsoft Teams, restore of a single team tab may fail with the following error:

Object reference not set to an instance of an object

  • Under certain conditions, in Veeam Explorer for Microsoft Exchange, mounting a standalone Veeam Backup for Microsoft Office 365 repository database restored from a Veeam Backup & Replication backup may fail.

 

RESTful API

  • Under certain conditions, the (GET) /v5/RestoreSessions/{restoreSessionId}/organization/teams/{teamId}/posts/{postId} request fails with the following error:

Post Not Found

  • Saving a SharePoint file as a ZIP archive via REST APIs fails with the following error, if the length of the file path including the file name exceeds 255 characters:

Could not find a part of the path

  • If the Microsoft Teams service is enabled for an organization, no data for such an organization can be requested with the REST API calls earlier than v5.
  • Restoring and saving Teams files with the (POST) /v5/RestoreSessions/{restoreSessionId}/organization/teams/{teamId}/files/{fileId}/action request completes with code 500, although the files are restored successfully.
  • A title of a SharePoint site added to a backup job via REST APIs is empty if such a title has not been explicitly specified.

 

Upgrading to version 5d

If you're running a previous version of Veeam Backup for Microsoft Office 365, you can simply upgrade to version 5d from versions 3.0 (build 3.0.0.422) and upwards. However, upgrades from the beta version of Veeam Backup for Microsoft Office 365 version 5 are not supported.

After upgrading, your installation's build number changes to 5.0.3.1033.

FURTHER READING

KB4203: Release Information for Veeam Backup for Microsoft Office 365 5d
Veeam Backup for Microsoft Office 365 5d Release Notes

2  

I'm presenting a webinar with Randy Franklin Smith and Netwrix

Presenting a webinar

This Tuesday at 6 PM CEST, I'm presenting a webinar with Randy Franklin Smith's Ultimate Windows Security and Netwrix on ten best practices to securing Active Directory and Azure AD.

About Randy Franklin Smith

Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.

Randy Franklin Smith is the CEO of the Monterey Technology Group and a CISA, SSCP and a former Microsoft MVP.

About Ultimate Windows Security

UltimateWindowsSecurity.com is the web property of the Monterey Technology Group, devoted to spreading knowledge and understanding of Windows Security, IT Audit and Compliance with exclusive content from Randy Franklin Smith.

About the webinar

We will be presenting a 90-minute webinar through GoToWebinar:

Best practices for securing Active Directory and Azure AD

Tuesday September 28, 2021, 6 PM CEST

Hybrid Identity, involving both on-premises Active Directory and Azure AD, is one of the most common configurations used by organizations today. Because cybercriminals know this, modern attacks have demonstrated the breadth and depth of understanding threat actors have about Microsoft’s directory services – including the vulnerabilities and insecurities that exist therein – that enable successful attacks on Active Directory.

With data breaches and ransomware attacks both leveraging the same need for accessing Active Directory and Azure AD to empower lateral movement both on-premises and in the cloud, it is imperative that both AD and Azure AD are as secure as humanly possible.

So, what aspects of Active Directory and Azure AD provide the greatest risk and the largest threat surface – therefore, requiring your immediate attention?

In this real-training-for-free session we will discuss the prevalence of modern attacks on Active Directory and Azure AD
and where in an attack kill chain Active Directory and Azure AD actually help threat actors.

We take a deep dive into ten specific and practical best practices you can implement relatively easily to secure AD and Azure AD involving:

  • Protocols in use
  • Methods of authentication
  • Use of privileged accounts
  • Ongoing account hygiene
  • Health and Change Monitoring

Also joining us will be David Metzgar, Solutions Engineer from Netwrix, who will be showing how Netwrix Auditor assists in ensuring Active Directory and Azure AD remain in a secure state.

This real training for free event is jam packed with technical detail and real-world application.

Register today!

Join Randy Franklin Smith, Nick Cavalancia, David Metzgar and me for 90 minutes of Active Directory and Azure AD security goodness. Register here.

Note:
These webinars are offered free of charge, thanks to the sponsoring by Netwrix. By signing up for these webinars you agree to their privacy policy.

About Netwrix

Netwrix logoNetwrix empowers information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides.

Over 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers. Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

0