Case in point on my last paragraph.
You've taken the advice of the Mimikatz author to disable the Office vulnerability introduced by #follina. You've decided to block the "ms-msdt" driven diagnostics functionality.
How would this advice, "Setup an AADJ’d PC for your environment and see what your experience is. Run through typical activities. What works? What doesn’t? Document your efforts and results then prioritize any gaps.", capture the absence of this setting as a gap? Because if you do not capture it, unless I am mistaken, you're reintroducing the vulnerability by following this methodology.
(1) :kiwi_fruit: Benjamin Delpy on Twitter: "Want a quick & dirty (but supported by Microsot) way to avoid #follina Office know payloads? Just disable "Troubleshooting wizards" by GPO > https://t.co/0BqTFaHsUj HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics - EnableDiagnostics - 0 By CERT @banquedefrance https://t.co/LXyqhTKsy1" / Twitter
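
One way to make a missing GPO-delivered setting show up as a gap on a test device, as an added example that is not part of the original post: a PowerShell check that compares registry-backed policy values against a baseline. The helper name `Test-PolicyBaseline` and the baseline list layout are assumptions; the single entry is the key and value quoted in the tweet above.

```powershell
# Added example: baseline of registry-backed policy values that previously arrived via GPO.
# The one entry below is the setting quoted in the tweet; extend the list with your own GPO export.
$Baseline = @(
    [pscustomobject]@{
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'
        Name     = 'EnableDiagnostics'
        Expected = 0
    }
)

function Test-PolicyBaseline {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Baseline)

    foreach ($item in $Baseline) {
        # Default to 'Missing': a key or value that does not exist is the gap
        # that functional testing of "what works?" will never surface.
        $actual = $null
        $status = 'Missing'

        $key = Get-Item -LiteralPath $item.Path -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $item.Name)) {
            $actual = $key.GetValue($item.Name)
            $status = if ($actual -eq $item.Expected) { 'OK' } else { 'Mismatch' }
        }

        [pscustomobject]@{
            Path     = $item.Path
            Name     = $item.Name
            Expected = $item.Expected
            Actual   = $actual
            Status   = $status
        }
    }
}

# Run on the AADJ test device and list anything that is not enforced.
$results = Test-PolicyBaseline -Baseline $Baseline
$results | Format-Table -AutoSize

$gaps = @($results | Where-Object Status -ne 'OK')
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) baseline setting(s) not enforced on $env:COMPUTERNAME"
}
```

Running the same script on a domain-joined machine that still receives the GPO gives the reference output to compare against.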