2016 11 17.UWS WebinarSlides

Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In

2016 Monterey Technology Group Inc.




Preview of key points

Today's hybrid Active Directory environment
  On-Prem AD
  Azure AD
Synchronization with Azure AD Connect
Federation
Audit log management
  On prem
  Cloud
Connecting it all together
Enterprise audit and monitoring for the entire hybrid environment
Active Directory in today's hybrid environment

[Diagram: Azure AD Connect]

On-Prem AD auditing

System level auditing
  Scope: Windows on domain controllers (security policies, system operations, logons, user rights management)
  Audit categories: all except those below

Active Directory
  Scope: users, groups, computers, OUs, Group Policy Objects
  Audit categories: Account Management, Directory Service Access, Directory Service Changes
  Destination: Security log on each domain controller

[Diagram: domain controllers and their local Windows Security Logs. Labels: audit policies, user management, group management, computer management, Audit Directory Changes, all others]
Azure AD auditing

System level auditing: not applicable

Azure Active Directory
  Scope: users, groups, computers
  Audit categories: not applicable, on by default
  Destination: Graph API, Office 365 Unified Audit Log (Mgt Activity API)

[Diagram labels: Graph API, all Azure events, O365 Mgt Activity API, Azure AD events]

Do you need to audit Azure AD?

In almost all cases you are synchronizing on-prem AD to Azure AD
So if Azure AD is just a projection of on-prem AD, why monitor?
  Sync'd objects from on-prem are only a subset of the objects in Azure AD
    Including very important tenant admin accounts
  Creating a blind spot against one of the most important risks
    Intruder gains privileged access to your tenant

[Diagram: sync'd objects shown as a subset of Azure AD objects]

How does federation affect the story?

Federation impacts authentication, not account management and directory security
You still have
  On-prem AD
  Azure AD
Both can still suffer harm from mistakes, unauthorized changes and intrusion

Federation (ADFS, et al.)
  Centralizes more of your authentication/logon audit log
  Provides a central chokepoint at which to
    Enforce policies
    Observe access patterns and anomalies
    Deny access

On-Prem Active Directory audit log management

Audit log policy
Log collection
Interpreting events

[Diagram: domain controllers and their local Windows Security Logs]

Azure AD audit log management

Audit policy
Log collection
Interpreting events

[Diagram: Azure Active Directory, Azure Graph API, Office 365 Management Activity API]
The big picture

[Diagram: attacks]
Bottom line

Active Directory is the foundation of security
  On-prem
  In the cloud
Impossible to be compliant and secure without monitoring it
  On-prem
  In the cloud
On-prem AD and Azure AD both do a fair job of generating audit events
But what about
  Collection
  Search
  Reporting
  Secure archival
  Correlation
  Alerting
Check out Netwrix


About Netwrix Auditor

Netwrix Auditor
A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.

Netwrix Auditor Applications

Netwrix Auditor Platform
  Netwrix Auditor for Active Directory
  Netwrix Auditor for Azure AD
  Netwrix Auditor for Exchange
  Netwrix Auditor for Office 365
  Netwrix Auditor for Windows File Servers
  Netwrix Auditor for EMC
  Netwrix Auditor for NetApp
  Netwrix Auditor for SharePoint
  Netwrix Auditor for Oracle Database
  Netwrix Auditor for SQL Server
  Netwrix Auditor for Windows Server
  Netwrix Auditor for VMware

Why Netwrix Auditor?

  Sharp focus on visibility and governance
  Broadest coverage of on-premises and cloud systems
  Truly integrated as opposed to multiple hard-to-integrate standalone tools from other vendors
  Noise-free security analytics
  Non-intrusive architecture
  API-enabled ecosystem integrations
  Cost-effective two-tiered storage (file-based + SQL database) holding consolidated audit data for more than 10 years
  Fast, 15-minute deployment, with no professional services required

Next Steps

  Free Trial: setup in your own test environment
    netwrix.com/freetrial
  Virtual Appliance: get Netwrix Auditor up and running in minutes
    netwrix.com/go/appliance
  Test Drive: virtual POC, try in a Netwrix-hosted test lab
