Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Privileged Identities Joseph Dadzie, Principal PM Manager, Microsoft 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 James Cowling,

Published byVerity Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing Privileged Identities Joseph Dadzie, Principal PM Manager, Microsoft 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 James Cowling,"— Presentation transcript:

1 Securing Privileged Identities Joseph Dadzie, Principal PM Manager, Microsoft 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 James Cowling, CTO, Oxford Computer Group #OCGUS16 @OCGUSOfficial

2

3

4 Administrator privileges will be compromised: social engineering, bribery, private initiative 50 years ago we gave the administrator the keys to the kingdom; we can’t just take it away All the commonplace attacks exploit privileged accounts: Stolen admin credentials Insiders Malicious service provider staff 

5

6 Capability and time needed Result = limited in time & capability

7 Secure Privileged Access: On-Premises MIM 2016 PAM

8 1 2 3

9 X

10

11 PAM Demo Microsoft Identity Manager 2016

12 Complete list of cmdlets at: https://technet.microsoft.com/en-us/library/mt604080.aspx

13 Azure AD Privileged Identity Management

14

15

16 DEMO Azure AD Privileged Identity Management

17 Global adoption (over 40 countries) Increasing customer usage (weekly) Data from a Preview Customer

18 -Upcoming Update Microsoft Identity Manager 2016

19 JIT groups for Priv domain PAM PowerShell Deployment Email requests and approvals with Exchange Online Customer Reported Bug Fixes Hardened Security Updated Platform Support Cross Browser Support

20

21 2016 Redmond Summit Sponsors

22 Thank you!

23 Just In Time Administration Compliance Mapping JIT Security and Compliance Capability ISO 27001: 2013PCI DSS 3.1FedRAMP; NIST 800-53 Revision 4 Controlling Logical Access Privileges and Implementing Least Privilege Access A.9.1 – Business requirement of access control A.9.1.2 – Access to networks and network services A.9.2.2 – User access provisioning A.9.2.3 – Management of privileged access rights A.9.4.1 – Information access restriction A.9.4.5 – Access control to program source code 7.1 – System components and cardholder data access restricted to job-based needs 7.1.2 – User ID access based on least privileges 7.1.3 – Assigning access to job function and classification 7.1.4 – Documented approval of access privileges 7.2.2 – Assigning privileges to job function and classification 7.2.3 – Default “deny-all” setting 12.5.4 – Administer user accounts 12.5.5 – Monitor and control all access to data AC-2 – Account Management AC-3 – Access Enforcement AC-6 – Least Privilege AC-6 (1) – Authorize Access to Security Functions AC-6 (2) – Non-Privileged Access for Non-Security Functions AC-6 (5) – Privileged Accounts AU-9 (4) – Audit Access by Subset of Privileged Users CM-5 – Access Restrictions for Change CM-5 (1) – Automated Access Enforcement CM-5 (5) – Limit Production / Operational Privileges Access Logging / Monitoring / Auditing A.12.4.1 – Event logging A.12.4.3 – Administrator and operator logs 10.2.2 – Logging actions by root privileges individual 10.2.5 – User changes logging AC-2 – Account Management AC-2 (4) – Automated Audit Actions AC-2 (12) – Account Monitoring AC-6 (9) – Auditing Use of Privileged Functions AU-2 – Audit Events AU-12 – Audit Generation CM-5 (1) – Automated Access Enforcement

Download ppt "Securing Privileged Identities Joseph Dadzie, Principal PM Manager, Microsoft 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 James Cowling,"

Similar presentations

Attie Naude 14 May 2013 Windows Azure Mobile Services.

Attie Naude 14 May 2013 Windows Azure Mobile Services.
Common Question Who can benefit from Cloud? Every enterprise today can benefit from Cloud.

Common Question Who can benefit from Cloud? Every enterprise today can benefit from Cloud.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.

Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.
Audit Issues regarding Passwords on Elevated Privilege Accounts Gene Scheckel Global Internal Audit.

Audit Issues regarding Passwords on Elevated Privilege Accounts Gene Scheckel Global Internal Audit.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next.

Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next.
Security Controls – What Works

Security Controls – What Works
Understanding Active Directory

Understanding Active Directory
Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.

Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.
Network security policy: best practices

Network security policy: best practices
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Understanding Active Directory

Understanding Active Directory
1 Continuous Monitoring Proprietary Information of SecureInfo ® Corporation © 2011 All Rights Reserved.

1 Continuous Monitoring Proprietary Information of SecureInfo ® Corporation © 2011 All Rights Reserved.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Cracking Windows Access Control Andrey Kolishchak www.gentlesecurity.com Hack.lu 2007.

Cracking Windows Access Control Andrey Kolishchak Hack.lu 2007.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Similar presentations

Ads by Google