Level up identity protection: building a modern ITDR practice
Event details
Attackers don’t break in, they log in. Get an in-depth look at Microsoft's point of view on identity threat detection and response (ITDR). Identities have become the new corporate security boundary and protecting your organization against these evolving threats requires a comprehensive strategy spanning capabilities both pre- and post-breach. Join this session for a detailed look at how we can help you implement comprehensive Identity protection across your unique identity landscape.
This session is part of the Microsoft Security Tech Accelerator. RSVP for event reminders, add it to your calendar, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
- jeffjerousek (Copper Contributor)
What is Microsoft's current recommendation for bringing MFA to on-prem admin accounts like Domain Admins without syncing to Entra ID?
- Chris Ayres (Microsoft)
Hi Jeff, the current design pattern for this is to have one account that is synced to Entra to which we can apply MFA and a secondary account that is used for the actual privileged action on the end service. The first account is used to actually allow the network path to be opened, and then the second account is the priv account then used for performing whatever the necessary action is. With the enforcement options we are building on the DC side, what that would mean is that without first going through Entra Private Access and authenticating the network path, the connection would not be allowed, mitigating any risks of going direct to the service.
- Trevor_Rusher (Community Manager)
Welcome to "Level up identity protection: building a modern ITDR practice" and the Microsoft Security Tech Accelerator! Have a question? Post here in the Comments so we can help. Let’s make this an active Q&A!
- Trevor_Rusher (Community Manager)
Thanks for joining us! We hope you enjoyed this session. The Microsoft Security Tech Accelerator continues. Up next: Ask Microsoft Anything: Microsoft SIEM & XDR: Introducing the new Unified Security Operations Platform.
If you missed the live broadcast, don’t worry—you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Security Tech Accelerator! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
- jeffjerousek (Copper Contributor)
What kind of auditing and alerting can be created around creating exceptions in Defender for Identity?
- Martin_Schvartzman (Microsoft)
Every setting change in the portal is audited. Today you can open a support case and ask for the audit logs, but we'll soon release the option to search and export the audit log directly from the portal.
Though this page is not explicit Defender for Identity documentation, you can see more details about this capability and how to use it here: https://learn.microsoft.com/en-us/purview/audit-new-search
- Dean_Gross (Silver Contributor)
How can organizations that are providing managed security services to clients efficiently manage the Entra features in the remote tenant? Azure Lighthouse does not support this scenario.
- Chris Ayres (Microsoft)
Hi Dean, unfortunately from the Defender XDR and MDI side we do not directly cover how this scenario would work. We do have a multi-tenant solution for Defender XDR as documented here: https://learn.microsoft.com/en-us/microsoft-365/security/defender/mto-overview?view=o365-worldwide. On the Entra side there are some options that allow multi-tenant setups which you may want to investigate as documented here: https://learn.microsoft.com/en-us/entra/identity/multi-tenant-organizations/overview#multitenant-organization-preview.
- Dean_Gross (Silver Contributor)
Defender for Cloud and some other upcoming features use the phrase Attack Path to describe the same concept as the "Lateral Movement" screen in this solution; it would be helpful if the same terminology was used across the MS products. I would like to suggest that the Lateral Movement screen be renamed to Attack Path to emphasize the importance and to be consistent with the other products.
- Chris Ayres (Microsoft)
Hi Dean, thanks for the feedback. This will certainly be taken into account as we iterate and evolve our service going forwards.
- sarabischof (Microsoft)
If you don’t have one yet, create your Tech Community profile today!
- sarabischof (Microsoft)
Upgrade your SIEM and XDR skills in the Microsoft Learn Collection aligned to this session.