2016 11 17.UWS WebinarSlides
Sponsored by
Azure AD and On-Premise AD and How Synchronization and Federation Play In
Thanks to
Preview of key points
Today's hybrid Active Directory environment
On-Prem AD
Azure AD
Synchronization with Azure AD Connect
Federation
Audit log management
On prem
Cloud
Connecting it all together
Enterprise audit and monitoring for the entire hybrid environment
Active Directory in today's hybrid environment
[Diagram: On-Prem AD, Azure AD Connect]
System level auditing
Windows on Domain Controllers
Audit policies
User rights management
Security policies
System operations
Logons
Audit categories
All except those below
Domain controllers and their local Security Logs
[Diagram labels: Account Management (user management, group management, computer management), Directory Service Changes, Windows Security Log, AD]
Active Directory
Users, groups, computers, OUs, Group Policy Objects
Audit categories
Account Management
Directory Service Access
Directory Service Changes
Destination
Security log on each domain controller
Azure AD
System level auditing: Not applicable
Active Directory: Users, groups, computers
Audit categories: Not applicable, on by default
Destination
Initial
Graph API
All Azure events
Office 365 Unified Audit Log
Azure AD events
Mgt Activity API
[Diagram labels: Azure Active Directory, Graph API, O365 Mgt Activity API]
Do you need to audit Azure AD?
In almost all cases you are synchronizing on-prem AD to Azure AD
So if Azure AD is just a projection of on-prem AD, why monitor?
Sync'd objects from on-prem are only a subset of the objects in Azure AD
Including very important tenant admin accounts
Creating a blind spot against one of the most important risks
Intruder gains privileged access to your tenant
How does federation affect the story?
Federation impacts authentication, not account management and directory security
You still have
On-prem AD
Azure AD objects
Federation (ADFS, et al)
Centralizes more of your authentication/logon audit log
Provides a central chokepoint at which to
Enforce policies
Observe access patterns and anomalies
Deny access
On-Prem Active Directory audit log management
Audit log policy
Log collection
Interpreting events
[Diagram: domain controllers and their local Windows Security Logs]
Azure AD audit log management
Audit policy
Log collection
Office 365 Management Activity API
Azure Graph API
Interpreting events
[Diagram: Azure Active Directory, Graph API, O365 Mgt Activity API]
The big picture
[Diagram: attacks]
Bottom line
Active Directory is the foundation of security
On-prem
In the cloud
Impossible to be compliant and secure without monitoring it
On-prem
In the cloud
On-prem AD and Azure AD both do a fair job of generating audit
events
But what about
Collection
Search
Reporting
Secure archival
Correlation
Alerting
Check out Netwrix
Netwrix Auditor
A visibility and governance platform that enables control over
Netwrix Auditor for Active Directory
Netwrix Auditor for Azure AD
Netwrix Auditor for Exchange
Netwrix Auditor for Office 365
Netwrix Auditor for Windows File Servers
Netwrix Auditor for EMC
Netwrix Auditor for NetApp
Netwrix Auditor for SharePoint
Netwrix Auditor for Oracle Database
Netwrix Auditor for SQL Server
Netwrix Auditor for Windows Server
Netwrix Auditor for VMware
Why Netwrix Auditor?
Sharp focus on visibility and governance
Broadest coverage of on-premises and cloud systems
Truly integrated, as opposed to multiple hard-to-integrate standalone tools from other vendors
Noise-free security analytics
Non-intrusive architecture
API-enabled ecosystem integrations
Cost-effective two-tiered storage (file-based + SQL database) holding consolidated audit data for more than 10 years
Fast, 15-minute deployment, with no professional services required
Next Steps
Free Trial: setup in your own test environment
netwrix.com/freetrial
running in minutes
netwrix.com/go/appliance
test lab