Treating the Office as a Public Network

Both on-premises and cloud environments are connected using an application to synchronize directory objects. The application used is either Azure AD Connect or Cloud Sync. Cloud Sync is the newer variant of Azure AD Connect, but it does not have feature parity at the time of writing. A complete comparison of all features is available here.

Because Azure AD Connect is responsible for replicating identities between the two environments, it must have permissions in both environments. This means the application has permissions to update identities in both on-premises AD and Azure Active Directory. If a threat actor breaches the server hosting the Azure AD Connect application, the effects could be disastrous. This is why an Azure AD Connect server should be secured with the same care as Domain Controllers. They are considered tier-0 servers and should only be administered by as few people as possible.

Dr. Nestori Syynimaa shares a great deep-dive example of Azure AD Connect abuse. In this presentation, he shows how the two environments are connected and how a user with on-premises access can reset the account of a global administrator, or even delete the account entirely. This goes to show how much power the on-premises service account has, as it has a direct connection between your on-premises and cloud environments.

Administrator Accounts

Because many organizations synchronize identities from the on-premises environment to the cloud, this is an easy way for attackers to perform lateral movement. If an on-premises account is breached, it is much easier to pivot to the cloud account if they share the same set of credentials. This is because an attacker does not have to guess the password of the cloud account, as it will be the same as the on-premises one. That is why it is of paramount importance to use cloud-only accounts for your administrators. Having separate administrator accounts is a good step to take, but those accounts must never be synchronized from on-premises.
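One way to audit the Administrator Accounts advice above in your own tenant, as an added example that is not code from the original article: the function below takes the member list of the Global Administrator role as returned by Microsoft Graph and flags every user whose onPremisesSyncEnabled is true, i.e. a privileged account that is still synced from on-premises AD. The Graph endpoint, $select list and required scopes in fetch_global_admins are assumptions, and SAMPLE_MEMBERS is constructed data, not output from a real tenant.

```python
import json
import urllib.request

# Well-known role template ID of the Global Administrator directory role.
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"


def find_synced_admins(members):
    """Return the UPNs of role members that are synced from on-premises AD.

    `members` is a list of directoryObject dicts in the shape Graph returns
    for directoryRoles/.../members. Groups and service principals are
    skipped; a missing or null onPremisesSyncEnabled means cloud-only.
    """
    flagged = []
    for m in members:
        if m.get("@odata.type", "#microsoft.graph.user") != "#microsoft.graph.user":
            continue
        if m.get("onPremisesSyncEnabled") is True:
            flagged.append(m["userPrincipalName"])
    return flagged


def fetch_global_admins(access_token):
    """Fetch Global Administrator members from Microsoft Graph.

    Assumed: the token carries RoleManagement.Read.Directory and
    User.Read.All, and the endpoint/$select form below is accepted.
    """
    url = ("https://graph.microsoft.com/v1.0/directoryRoles/"
           f"roleTemplateId={GLOBAL_ADMIN_TEMPLATE_ID}/members"
           "?$select=id,userPrincipalName,onPremisesSyncEnabled")
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["value"]


# Constructed sample of a Graph response; these are not real accounts.
SAMPLE_MEMBERS = [
    {"@odata.type": "#microsoft.graph.user",
     "userPrincipalName": "admin-cloud@contoso.example", "onPremisesSyncEnabled": None},
    {"@odata.type": "#microsoft.graph.user",
     "userPrincipalName": "jdoe-adm@contoso.example", "onPremisesSyncEnabled": True},
    {"@odata.type": "#microsoft.graph.servicePrincipal",
     "displayName": "sync-app", "onPremisesSyncEnabled": None},
]

if __name__ == "__main__":
    # With a real token: find_synced_admins(fetch_global_admins(token))
    for upn in find_synced_admins(SAMPLE_MEMBERS):
        print(f"WARNING: Global Administrator synced from on-premises: {upn}")
```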