An ounce of prevention is worth a pound of detection

Event Ended
Thursday, Mar 28, 2024, 11:30 AM PDT
Online

Event details

With Identity Threat Detection and Response (ITDR) continuing to trend in the realm of identity security, systems protecting Active Directory tend to focus on real-time detection of attacks, using advanced forms of obfuscation, or intercepting authentication and injecting multifactor authentication (MFA). And while these all have their place in a defense-in-depth model, they tend to distract us from proactively securing Active Directory.

Let's look at why securing Active Directory proactively is a critical piece of identity security. In this session, we explore how proactively securing Active Directory can close the door on attack paths. We'll share resources to help you assess the security posture of Active Directory. We'll also explore how tools like the Security Compliance Toolkit or CIS Benchmarks can help accelerate Active Directory security.

Speaker: Eric Woodruff

 

Thanks for tuning in to the Windows Server Summit on demand!

Char_Cheesman
Updated Dec 27, 2024

19 Comments

  • Char_Cheesman
    Bronze Contributor

    Thank you for joining us this week for the Windows Server Summit! Q&A is now closed, but all sessions are available on demand so you can watch and learn when it is convenient for you. We hope you enjoyed the event.

  • Niel_Morgan
    Copper Contributor
    Is the RPC auditing/firewall feature-set enhancement making it into Windows Server 2025? Have an internal enhancement that seems like it would be related to this demo as a layer in the security puzzle - support and third parties confirmed this appears to not be fully implemented. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/audit-rpc-events such as 5712 (worked with support and found that these events were not actually implemented in the operating system on Windows Server 2019 / 2022 domain controllers, also helpful on clients, but more sensitive there for certain.)
  • Is there a list of software applications and systems that support MSA and GMSA objects? That would really be useful in generating remediation plans for my customer.
    • msfthiker
      MVP
      Peter I haven't come across a published list of software, say from something like ISVs, that support MSA/gMSA. I would suspect if something existed it would be a community project, but likely only to encompass software and vendors that are known.
      • Karl-WE
        MVP

        NedPyle and team once created the negative list for SMB1. Maybe the team for managed service accounts can create such a thing for software still using username/password service accounts with no option to support Managed Services accounts.

        This on top of the "sorry, we require NTLM" list 🙂

    • Karl-WE
      MVP
      Second that. Huge shout out to Semperis for these tools and community offer.
  • Azure Stack HCI expects an OU with GPO inheritance disabled. When deploying Azure Stack HCI in the same AD as prod, or better in a separate AD, would it make sense to apply Security GPO Baselines still? Or can we rely on Azure Policies doing this?
    • msfthiker
      MVP
      That's a great question Karl. As far as securing the server estate outside of Domain Controllers, especially for specialized systems such as HCI, I'd have to get back to you as far as an answer. I know that there is overlap between Azure Policy and Group Policy, but securing HCI is outside of the realm in which I really work these days.
      • Karl-WE
        MVP
        Thank you for going the extra mile. I am really curious since, my preferred scenario, setting up a separate domain for Azure Stack HCI only, we could still consider GPO baseline for protecting the domain controllers "serving" Azure Stack HCI cluster, if not the nodes themselves. I can imagine that hosts are protected by Azure Policy but the DCs could be "out of scope". Hope you see my curiosity and, can name it concerns?
    • msfthiker
      MVP
      Absolutely Peter, and it's tough to even scratch the surface in 30 minutes.
      • PeterJ_Inobits
        Iron Contributor
        The one I find an awful lot of is stale unused accounts with excessive privileges left lying around....
  • Char_Cheesman
    Bronze Contributor

    Welcome! An ounce of prevention is worth a pound of detection is starting now. If you have any questions or feedback for our product teams, please post them here in the Comments.

Date and Time
Mar 28, 2024, 11:30 AM - 12:00 PM PDT