Dansk Industri – Data Protection by Design
Slide transcript (digital.di.dk)
Martin Kiær, Security & Cloud Architect, Microsoft Enterprise Services, Corp HQ
Fact: Active Directory and Administrators control most of the assets within your enterprise.
You should always treat your Active Directory as a High Value Asset (HVA) as part of your classification strategy.

1. Privileged Access Workstations (PAWs), Phases 2 and 3: all admins and additional hardening (Credential Guard, RDP Restricted Admin, etc.) http://aka.ms/CyberPAW
2. Time-bound privileges (no permanent admins) http://aka.ms/PAM http://aka.ms/AzurePIM
3. Multi-factor for elevation
4. Just Enough Admin (JEA) for DC maintenance http://aka.ms/JEA
5. Lower attack surface of Domain and DCs http://aka.ms/HardenAD
6. Attack Detection http://aka.ms/ata

Build visibility and control of administrator activity, increase protection against typical follow-up attacks.
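As an added example (not from the slide deck), the PowerShell configuration for step 4: a JEA endpoint for DC maintenance that exposes only a fixed set of service and replication commands, runs under a transient virtual account and transcribes every session. The module name DCMaintenance, the group CONTOSO\DC-Maintainers and the transcript path are placeholders.

```powershell
# Added example: JEA endpoint for DC maintenance. Names below are placeholders.
$ModuleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\DCMaintenance'
New-Item -ItemType Directory -Path (Join-Path $ModuleRoot 'RoleCapabilities') -Force | Out-Null
New-ModuleManifest -Path (Join-Path $ModuleRoot 'DCMaintenance.psd1')

# Role capability: the only commands the role may run. Parameter values are
# constrained so an operator can query/restart DC services but not arbitrary ones.
$DcServices = 'NTDS', 'DNS', 'Netlogon', 'kdc'
New-PSRoleCapabilityFile -Path (Join-Path $ModuleRoot 'RoleCapabilities\DCMaintenance.psrc') `
    -ModulesToImport 'ActiveDirectory' `
    -VisibleCmdlets @(
        @{ Name = 'Get-Service';     Parameters = @{ Name = 'Name'; ValidateSet = $DcServices } },
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = $DcServices } },
        'Get-ADReplicationFailure'
    ) `
    -VisibleFunctions 'Get-DCHealth' `
    -FunctionDefinitions @{
        Name        = 'Get-DCHealth'
        ScriptBlock = { Get-Service -Name $using:DcServices -ErrorAction SilentlyContinue |
                        Select-Object Name, Status }
    }

# Session configuration: restricted (no-language) endpoint, virtual account instead of
# a shared admin credential, and a transcript of every session for audit.
# On a domain controller the virtual account is itself a Domain Admin, so the
# role capability file above is the whole control: keep it narrow.
$Pssc = Join-Path $env:TEMP 'DCMaintenance.pssc'
New-PSSessionConfigurationFile -Path $Pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEATranscripts' `
    -RoleDefinitions @{ 'CONTOSO\DC-Maintainers' = @{ RoleCapabilities = 'DCMaintenance' } }

Test-PSSessionConfigurationFile -Path $Pssc
Register-PSSessionConfiguration -Name 'DCMaintenance' -Path $Pssc -Force | Out-Null

# Operators connect to the constrained endpoint instead of a full admin session:
#   Enter-PSSession -ComputerName DC01 -ConfigurationName DCMaintenance
```

Inside the session, `Get-Command` shows only the cmdlets listed above, and the transcript directory records who ran what and when.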
Identity as the control plane (legacy)
Diagram: on-premises Windows Server Active Directory reached over VPN, BYO devices, SaaS and Azure, public cloud, customers and partners.
Identity as the control plane (our vision)
Diagram: the same environment with Microsoft Azure Active Directory in the center, connecting on-premises Windows Server Active Directory, VPN, BYO devices, Azure, public cloud, customers and partners.
Azure AD as the control plane
Diagram: Microsoft Azure Active Directory connecting on-premises Windows Server Active Directory, BYO devices, Azure, public cloud and partners.
A comprehensive identity and access management cloud solution for your employees, partners, and customers. It combines directory services, advanced identity governance, application access management, and a rich standards-based platform for developers. (B2E, B2B, B2C)
Azure Active Directory as the control plane
Identity as the core of enterprise mobility
Diagram: single sign-on and self-service for users; a simple connection (Identity Bridge) from on-premises Windows Server Active Directory and other directories to Microsoft Azure Active Directory in the cloud; SaaS, Azure and public cloud applications; customers and partners.
"With Azure AD Premium, Bristow Group now has the capabilities for multifactor authentication; access control (dependent upon device health and user location); holistic security reports; audits; and alerts. Azure Active Directory makes the work of a busy and mobile workforce easier, secures data and protects access to the company's assets both in the cloud and on-premises."
- Kapil Mehta, Productivity & Directory Services Manager
Cloud-powered protection
Protect against advanced threats; conditional access to resources; compliance reporting; mitigate administrative risks.
Conditional access diagram: conditions (user, app sensitivity, device state, location, risk) determine the actions: allow access or block access, and enforce MFA per user/per app.
Components: Identity Protection (notifications, analysis, remediation, risk-based policies), Cloud App Discovery, Privileged Identity Management, MFA.
CLOUD-POWERED PROTECTION
Identity Protection at its best
Risk severity calculation; remediation recommendations.
Risk-based conditional access automatically protects against suspicious logins and compromised credentials.
Gain insights from a consolidated view of machine learning based threat detection.
Diagram: the Machine-Learning Engine consumes signals (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) and drives risk-based policies: MFA challenge for risky logins, block attacks, change bad credentials.
CLOUD-POWERED PROTECTION
Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools
Apply Microsoft learnings to your existing security tools.
Diagram: the Microsoft machine-learning engine (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) feeds security/monitoring/reporting solutions through notifications, data extracts/downloads and reporting APIs.
CLOUD-POWERED PROTECTION
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed.
Provides more visibility through alerts, audit reports and access reviews.
Privileged roles shown: Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator.
CLOUD-POWERED PROTECTION
How time-limited activation of privileged roles works
MFA is enforced during the activation process.
Alerts inform administrators about out-of-band changes.
Users need to activate their privileges to perform a task.
Users will retain their privileges for a pre-configured amount of time.
Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews.
Diagram: the security admin configures Privileged Identity Management (admin profiles: Billing Admin, Global Admin, Service Admin, labelled read only in the diagram); a user activates a role after identity verification (MFA); PIM monitors the activation, raises alerts and produces audit and access reports.
"Azure AD Premium makes life simpler for the business and for employees. It gives them access to enterprise applications from any device with a single sign-on that is secure and reliable. That is fundamental in increasing the adoption of cloud technology."
- Kapil Mehta, Productivity & Directory Services Manager
1000s of apps, 1 identity
Single sign-on for SaaS apps; single sign-on for mobile apps; support for lift-and-shift of traditional apps to the cloud; secure remote access to on-premises apps; connect your on-premises identities to the cloud.