If you have Office 365, Azure or any other Microsoft cloud service you have Azure Active Directory.
And like on-prem AD, Azure AD is the heart and soul of security for:
- Office 365
- Azure VMs, Storage, etc.
- Other cloud services integrated with Azure AD like CRM
But in the most common hybrid scenarios, Azure AD can even impact security back home on your on-prem Active Directory. After all, Azure AD Connect is a 2-way street in most deployments.
You are probably using AD Connect and ADFS, and when federation and synchronization are working it’s easy to forget Azure AD even exists. But that’s dangerous. And it’s dangerous to treat Azure AD as a separate entity from your on-prem AD or to simply view Azure AD as a projection of on-prem AD in the cloud.
In this webinar, we will dive into the security features of Azure AD and identify the risks that need to be recognized and mitigated.
Many of the lessons learned from on-prem AD apply to Azure AD. For instance, we’ll talk about why the workstations of Azure AD privileged users need to be held to the same standards as admins accessing on-prem AD.
Of course, some of the things we have to worry about with on-prem AD – like physical security domain controllers – don’t apply to Azure AD. But there are other risks that are new to Azure AD. For example, by default administrator access to Azure AD is just sitting out there exposed to the entire Internet with a simple password. Do you even know who first created your Azure AD tenant? For that matter how many different Azure AD directories do you have?
Azure AD is maturing. Only a few years ago there was no fine-grained admin authority or the ability to delegate privileged access according to the principle of least privilege. That has improved with the introduction of Azure Active Directory (Azure AD) role-based access control (RBAC). But the old Azure Roles still exist with some Frankenstein-ish results.
Here’s a few of the technical areas we’ll address:
- Privileged access controls
- Administrative roles
- Scopes
- Administrative units
- Groups vs. roles
- How to determine who really has access to Azure AD
- Delegation with custom roles
And speaking of roles, wow, that can be confusing. We’ll try to untangle the difference between:
- Azure Roles
- Azure AD Roles
- O365 Roles
This real training for free event is sponsored by BeyondTrust’s Cloud Privilege Broker solution which provides visibility and management of entitlements for Azure Active Directory as well as other core IAM technologies in clouds like AWS.
Please join us for this real training for free Session.