Active Directory

Sponsored: In Your Rush to the Cloud, Don't Forget Where You Came From

Editor’s Note: This post is sponsored by ManageEngine.

In the stampede to use (or at least talk about) cloud services, on-premises infrastructure gets little mention nowadays. But even though the cloud has hogged our attention for the past few years, the reality is that most of the data center that existed before the services revolution is still there today. And it’s more important than ever to protect it — in particular, your Active Directory forests that contain all your usernames and passwords.

Why has Active Directory become even more important to protect today? Most companies have chosen to adopt a hybrid identity model that extends their on-premises Active Directory to an Identity as a Service (IDaaS) provider such as Azure Active Directory. If you use Office 365, whether you know it or not you have an Azure Active Directory instance in Microsoft’s cloud. With this hybrid model, users can authenticate to Office 365 and other SaaS apps with their corporate Active Directory credentials.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

IT professionals tend to focus on the security around Office 365. This is good, but partly misses the point: if your on-premises Active Directory isn’t secure, it doesn’t matter how much you’ve locked down Office 365. Attackers will gain administrative access to a compromised Active Directory — and thus Office 365 — regardless of the controls you’ve put on it. They will go after the weakest link.

Therefore, it’s important to ensure that although your organization might be strongly pushing for Office 365 adoption, your management team understands it also needs to secure its Active Directory foundation. In Active Directory’s early days, and even in its “tween years” (Active Directory is seventeen years old after all), organizations could get away with using only the Microsoft out-of-box tools to maintain the application. Although Active Directory’s design has aged very well, the cybersecurity landscape has changed dramatically since the product was conceived.

As a result, a range of third-party security and operational tools are required — not optional — to keep Active Directory healthy and secure. Roughly ordered by importance, these tools include:

  • Backup and recovery (beyond object deletion)
  • Audit
  • Threat detection
  • Governance (identity lifecycle and access reviews to remove unneeded access)

Few companies have all these capabilities in place because the costs can be prohibitive. But what is the cost of not protecting your Active Directory foundation? Microsoft estimates that the average cost of a breach is 15 million dollars. Based on this estimate, detecting and avoiding a breach would pay back these tools’ costs in days.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Office 365 Coexistence for Mergers & Acquisitions: Don’t Panic! Make it SimpleLive Webinar on Tuesday, November 16, 2021 @ 1 pm ET

In this session, Microsoft MVPs Steve Goodman and Mike Weaver, and tenant migration expert Rich Dean, will cover the four most common steps toward Office 365 coexistence and explain the simplest route to project success.

  • Directory Sync/GAL Sync – How to prepare for access and awareness
  • Calendar Sharing – How to retrieve a user’s shared calendar, or a room’s free time
  • Email Routing – How to guarantee email is routed to the active mailbox before and after migration
  • Domain Sharing – How to accommodate both original and new SMTP domains at every stage

Aimed at IT Admins, Infrastructure Engineers and Project Managers, this session outlines both technical and project management considerations – giving you a great head start when faced with a tenant migration.the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

Sponsored by: