
Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.



2 Protect your data. Enable your users. Desktop Virtualization; Information protection; Mobile device & application management; Identity and Access Management

3 Active Directory: the vision


6 Attack timeline: Research & Preparation; First Workstation Compromised; 24-48 hours later: Domain Admin Compromised; Data Exfiltration (Attacker Undetected); 11-14 months later: Attack Discovered


10 Prepare: Which users have privileged access rights? Protect: Lifecycle and AuthN protection. Operate: Users can request elevation. Monitor: Additional auditing, alerts & reports.


14 "This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate [to] the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers..."


16 http://blogs.microsoft.com/blog/2014/11/13/ "Microsoft acquires Aorato to give enterprise customers better defense against digital intruders in a hybrid cloud world"

17 Enter-PSSession -ComputerName Server1 -ConfigurationName JustBackup
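The slide shows only the client side of Just Enough Administration: connecting to a named, constrained endpoint. The server side that makes `JustBackup` meaningful is the role capability and session configuration behind that name. The following is an added example, not code from the deck or from Microsoft's JEA samples; the group `CORP\BackupOperators`, the operator account `CORP\jen`, the transcript directory, the module path and the `E:` backup drive are assumptions chosen for illustration.

```powershell
# Added example (not from the slide deck): a minimal JEA endpoint named "JustBackup"
# so that `Enter-PSSession -ComputerName Server1 -ConfigurationName JustBackup`
# lands the operator in a constrained session. Run on the managed server as an
# administrator. Group, user, paths and drive letter below are assumptions.

$moduleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JustBackup'
$rcRoot     = Join-Path $moduleRoot 'RoleCapabilities'
New-Item -ItemType Directory -Path $rcRoot -Force | Out-Null

# 1. Role capability: expose only what the backup task needs. Everything not listed,
#    including the rest of the cmdlet set and free-form script, is unavailable.
New-PSRoleCapabilityFile -Path (Join-Path $rcRoot 'BackupOperator.psrc') `
    -VisibleCmdlets @(
        'Get-WBJob', 'Get-WBSummary',
        @{ Name = 'Start-WBBackup';  Parameters = @{ Name = 'Policy' } },
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'wbengine' } }
    ) `
    -VisibleFunctions 'Get-BackupTargetFreeSpace' `
    -FunctionDefinitions @{
        Name        = 'Get-BackupTargetFreeSpace'
        ScriptBlock = { (Get-PSDrive -Name 'E').Free }   # backup drive letter is an assumption
    }

# 2. Session configuration: run as a transient virtual account (no standing admin
#    credential for an attacker to harvest), map the AD group to the role, and
#    transcribe every session for later review.
$pssc = Join-Path $env:TEMP 'JustBackup.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\Transcripts\JustBackup' `
    -RoleDefinitions @{ 'CORP\BackupOperators' = @{ RoleCapabilities = 'BackupOperator' } }

# 3. Register the endpoint under the name the slide connects to (restarts WinRM).
Register-PSSessionConfiguration -Name JustBackup -Path $pssc -Force | Out-Null

# 4. Verify, before anyone connects, exactly which commands a given operator gets.
Get-PSSessionCapability -ConfigurationName JustBackup -Username 'CORP\jen' |
    Select-Object Name, CommandType
```

The last step is the check worth keeping in a change procedure: `Get-PSSessionCapability` resolves the group-to-role mapping for a specific user, so a mistake in `RoleDefinitions` shows up as an unexpectedly long or empty command list rather than as a surprise during an incident.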


22 Diagram: Existing AD Forest(s) with Existing Apps; existing trust; Group "Resource Admins"; User

23 Diagram: Existing AD Forest(s) (Existing Apps, existing trust); Privileged Access Management forest: trust for admin access, Microsoft Identity Manager configured for PAM, AD DS; User submits access requests. Resulting identity: User: PRIV\JenAdmin; Group memberships: CORP\Resource Admins; Refresh after: 60 minutes

24 Elevation lifecycle: Admin Jen is assigned to a role. The role is pending an elevation process for Jen. Jen asks for elevation into the role. Elevation process is preparing (Automatic approval / Pending MFA / Pending Role Owner approval...). Role is active: Admin Jen gets permissions for the asset. Elevation period ends: role is not active for Jen anymore. Actors: Lee / Admin, Jen / Admin, Automation

25 Diagram, Microsoft Identity Manager 2016: MIM Service (AuthZ WF, Action WF, MPR) with MIM Service DB (User, Group, PAM Role, PAM Request); AD DS; Event Log; New-PAMRequest via PowerShell, SOAP and REST APIs
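Slides 23 to 25 describe the core mechanic of PAM: the user holds the privileged group only for a bounded time ("Refresh after: 60 minutes"), and the elevation is logged. The following added example, which is not code from the deck or from the MIM product, performs that time-bound membership directly with the Windows Server 2016 AD DS Privileged Access Management optional feature and the ActiveDirectory module, which is the underlying capability MIM's PAM workflow drives. The group `Resource Admins`, the account `JenAdmin` and the one-hour TTL are taken from the slide labels and are assumptions here.

```powershell
# Added example (not from the slide deck): time-bound group membership as the PAM
# slides describe it, using the Windows Server 2016 AD DS optional feature directly.
# Group, user and TTL are assumptions taken from the slide labels. Run as a user
# with rights to enable forest features and manage the group.

Import-Module ActiveDirectory

$forest = (Get-ADForest).Name
$group  = 'Resource Admins'
$user   = 'JenAdmin'
$ttl    = New-TimeSpan -Minutes 60

# 1. Prepare: the feature is a one-time, irreversible forest-level switch that
#    requires the Windows Server 2016 forest functional level.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
        -Target $forest -Confirm:$false
}

# 2. Operate: grant membership with a TTL. The link is removed automatically when it
#    expires, and the KDC caps the lifetime of the user's ticket to the remaining TTL,
#    so the access lapses without a cleanup job or a forgotten standing membership.
Add-ADGroupMember -Identity $group -Members $user -MemberTimeToLive $ttl

# 3. Monitor: show the remaining TTL per member (values appear as <TTL=seconds,DN>)...
Get-ADGroup -Identity $group -Properties member -ShowMemberTimeToLive |
    Select-Object -ExpandProperty member

# ...and collect the corresponding audit event from the Security log on the DC that
# processed the change. 4728 is "member added to a security-enabled global group";
# use 4732 for domain local and 4756 for universal groups.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4728; StartTime = (Get-Date).AddHours(-1) } |
    Where-Object { $_.Message -match [regex]::Escape($group) } |
    Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
```

Two points this makes concrete that the diagram does not: the expiry is enforced by the directory and the KDC rather than by the requesting workflow, so a crashed or disabled MIM service cannot leave the elevation standing, and the membership change produces the same 47xx audit events as a manual group edit, so existing detections for privileged-group changes continue to fire for PAM-driven elevations.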

26 In March CTP: "PRIV" forest AD can be either Windows Server Technical Preview or 2012 R2; PowerShell cmdlets, events and elevation via the sample web portal.
In April CTP: PAM workflow on elevation performs manual approval or Azure MFA; users can cancel their elevation requests; users can elevate to a role with a group in the "PRIV" forest; more PowerShell cmdlet options, and more monitoring.
