Best Practices for Active Directory

Most organizations are taking advantage of newer methods. They have started using techniques such as passwordless authentication and conditional access to protect their systems, using cloud-based platforms such as Azure Active Directory.

This is usually done by building hybrid structures. In that case, on-premises Active Directory servers remain critical to organizations because they continue to be targets for attackers.

Protecting domain controllers (DCs) from attack is always a top priority for administrators. Here are some ways organizations can help keep their DCs secure:

  • Restricting the use of Domain Admin privileges
  • Using a jump server for RDP or MMC access
  • Installing no third-party software on DC servers
  • Restricting DCs' internet access

A modern security team must regularly review these best practices to identify where improvements can be made.
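
One way to run such a review for two of the practices listed above (Domain Admin membership and third-party software on DCs). This is an added example, not code from the original article or from Microsoft; the 90-day staleness threshold and the publisher filter are assumptions to adjust, and it needs the ActiveDirectory module plus PowerShell remoting to the DCs.

```powershell
# Added example: review two of the DC hardening practices from the list above.
Import-Module ActiveDirectory

# Assumption: an admin account unused for 90 days is worth a closer look.
$staleAfter = (Get-Date).AddDays(-90)

# 1. Who effectively holds Domain Admin rights?
#    -Recursive expands nested groups, so indirect members are included.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName -Properties LastLogonDate, PasswordLastSet
    } |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet,
        @{ Name = 'Stale'
           Expression = { -not $_.LastLogonDate -or $_.LastLogonDate -lt $staleAfter } }

# 2. What non-Microsoft software is installed on each DC?
#    Reads both the 64-bit and 32-bit uninstall registry keys on every DC.
#    Assumption: filtering on the Publisher value is a heuristic, not proof of origin.
$dcs = (Get-ADDomainController -Filter *).HostName
$software = Invoke-Command -ComputerName $dcs -ScriptBlock {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.Publisher -notlike 'Microsoft*' } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

# Report: disabled or stale admin accounts first, then software per DC.
$admins | Sort-Object Stale, Enabled -Descending | Format-Table -AutoSize
$software | Sort-Object PSComputerName, DisplayName |
    Format-Table PSComputerName, DisplayName, DisplayVersion, Publisher -AutoSize
```

Entries with an empty Publisher value are reported too, since an unidentified package on a DC deserves the same scrutiny as a third-party one.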

Microsoft regularly releases advisories and patch updates to ensure the highest possible level of protection and support for its customers. Cloud-powered security provides the most effective defense against modern threats and eliminates all constraints such as compute, capacity, and scalability.

Finally, Microsoft is no longer recommending that DCs not have internet access. Instead, it has made new recommendations that align with the changing security landscape. Rather than completely isolating DCs from internet access, Microsoft recommends modern threat protection to continuously monitor for breaches.

This is accomplished by detecting identity-based threats in on-premises environments with tools like Defender and helping customers block threats and lateral movement. Microsoft’s Defender for Identity is a Active Directory has proven its effectiveness by remaining in existence, which necessitates an update of the best practice guide.

Microsoft recommends organizations use Defender for Identity to provide cloud-assisted protection for on-premises Active Directory. This can be accomplished by having DCs and AD FS servers securely communicate with the cloud service via a hardcoded, one-way connection.

Finally, for organizations that are in completely isolated environments for legal or regulatory reasons, the recommendation is to completely restrict domain controllers from any internet access and use technical and policy-based controls for security.

Identity threat protection is just one part of an organization’s security strategy. Microsoft recommends using the comprehensive Microsoft 365 Defender product line that protects identities, endpoints, applications, and cloud infrastructure. Microsoft will continue to protect its customers and partners in the most secure way possible and provide them with the best protections. It removes deployment barriers to enable organizations to benefit from the best protections from Microsoft in the simplest way possible.

