Understanding Security and Privileged Access in Azure Active Directory

If you have Office 365, Azure or any other Microsoft cloud service you have Azure Active Directory.

And like on-prem AD, Azure AD is the heart and soul of security for:

• Office 365
• Azure VMs, Storage, etc.
• Other cloud services integrated with Azure AD like CRM

But in the most common hybrid scenarios, Azure AD can even impact security back home on your on-prem Active Directory. After all, Azure AD Connect is a 2-way street in most deployments.

You are probably using AD Connect and ADFS, and when federation and synchronization are working it’s easy to forget Azure AD even exists. But that’s dangerous. And it’s dangerous to treat Azure AD as a separate entity from your on-prem AD or to simply view Azure AD as a projection of on-prem AD in the cloud.

In this on-demand webinar, we will dive into the security features of Azure AD and identify the risks that need to be recognized and mitigated.

Many of the lessons learned from on-prem AD apply to Azure AD. For instance, we’ll talk about why the workstations of Azure AD privileged users need to be held to the same standards as admins accessing on-prem AD.

Of course, some of the things we have to worry about with on-prem AD – like physical security domain controllers – don’t apply to Azure AD. But there are other risks that are new to Azure AD. For example, by default administrator access to Azure AD is just sitting out there exposed to the entire Internet with a simple password. Do you even know who first created your Azure AD tenant? For that matter how many different Azure AD directories do you have?

Azure AD is maturing. Only a few years ago there was no fine-grained admin authority or the ability to delegate privileged access according to the principle of least privilege. That has improved with the introduction of Azure Active Directory (Azure AD) role-based access control (RBAC). But the old Azure Roles still exist with some Frankenstein-ish results.

Here’s a few of the technical areas we’ll address:

• Privileged access controls
• Administrative roles
• Scopes
• Administrative units
• Groups vs. roles
• How to determine who really has access to Azure AD
• Delegation with custom roles

And speaking of roles, wow, that can be confusing. We’ll try to untangle the difference between:

• Azure Roles
• Azure AD Roles
• O365 Roles

This real training for free event was sponsored by BeyondTrust’s Cloud Privilege Broker solution which provides visibility and management of entitlements for Azure Active Directory as well as other core IAM technologies in clouds like AWS.

Meet the Presenters

Randy Franklin Smith, CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP

Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.

Tim Sedlack, Sr Director, Product Management

Tim has been in Product Management for over 20 years. Prior to BeyondTrust, Tim was serving as the Director of Product Management for Identity and Access Management at Micro Focus. Tim has managed product across the security spectrum including Security, Compliance, IAM and GRC for a variety of companies and in a few different countries, including a 5 year stint in Munich, Germany! Tim enjoys travelling around the world and exploring new cultures and engage with locals wherever he goes.