Microsoft now allows domain controllers to access the Internet under tight controls
Many organizations have recently moved to cloud-based identity platforms such as Azure Active Directory (AAD) to take advantage of newer authentication mechanisms, such as passwordless login and conditional access, and to gradually retire their Active Directory (AD) infrastructure. Many others, however, still run domain controllers (DCs) in hybrid or purely on-premises environments.
For those unfamiliar with the role, a DC reads and writes Active Directory Domain Services (AD DS), which means that if a DC is compromised by a malicious actor, essentially every account and system in the domain is affected. Just a few months ago, Microsoft issued an advisory about an AD privilege escalation attack.
Microsoft already provides a detailed tutorial on how to set up and secure a DC, and it is now updating that guidance.
Redmond had long emphasized that DCs should not be connected to the Internet under any circumstances. In light of the evolving cybersecurity landscape, Microsoft has revised the tutorial to state that DCs should not have unmonitored Internet access or the ability to launch a web browser. In other words, DCs may be connected to the Internet as long as that access is tightly controlled and protected appropriately.

For organizations currently operating in a hybrid environment, Microsoft recommends protecting on-premises AD with at least Defender for Identity. Its guidance states:
Microsoft recommends using Microsoft Defender for Identity for cloud-driven protection of these on-premises identities. Configuration of Defender for Identity sensors on domain controllers and AD FS servers allows for highly secure, one-way connections to cloud services through proxies and specific endpoints. For detailed instructions on configuring this proxy connection, please refer to the Defender for Identity technical documentation. This tightly controlled configuration ensures that the risks of connecting these servers to cloud services are reduced and organizations benefit from the increased protection capabilities provided by Defender for Identity. Microsoft also recommends using cloud-driven endpoint detection like Azure Defender for Servers to protect these servers.
Still, Microsoft recommends that organizations operating in isolated environments keep their DCs off the Internet entirely, for legal and regulatory reasons.
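The revised guidance boils down to a checkable posture: no unmonitored egress, only sanctioned paths through a proxy to specific endpoints, and sensor-based monitoring. The following PowerShell audit is an added example (not code from the article or from Microsoft's tutorial) that reports how far a DC is from that posture; the proxy hostname and the Defender for Identity sensor service name are assumptions and should be adjusted to your environment.

```powershell
# Added audit example (not from the article or Microsoft's guide). Reports whether this host
# is a domain controller and whether its outbound Internet access looks "tightly controlled":
# firewall default outbound action is Block on every profile, no outbound allow rule is open to
# any destination, a WinHTTP proxy is set, and the identity sensor service is running.
$ProxyHost     = 'proxy.example.internal'   # placeholder: your egress proxy
$SensorService = 'AATPSensor'               # assumed service name of the Defender for Identity sensor

function Get-DcEgressPosture {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $role = (Get-CimInstance Win32_ComputerSystem).DomainRole
    $isDc = $role -in 4, 5

    # Profiles whose default outbound action is not Block allow unmonitored egress.
    $profiles     = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
    $openProfiles = $profiles | Where-Object { $_.Enabled -and $_.DefaultOutboundAction -ne 'Block' }

    # With default Block in place, enabled outbound allow rules are the only sanctioned paths.
    $allowRules = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            $port = ($_ | Get-NetFirewallPortFilter).RemotePort -join ','
            [pscustomobject]@{ Rule = $_.DisplayName; RemoteAddress = $addr; RemotePort = $port }
        }
    # An allow rule to "Any" remote address is effectively open Internet access.
    $anyDest = $allowRules | Where-Object { $_.RemoteAddress -eq 'Any' }

    # Machine-wide WinHTTP proxy is what services such as the sensor use for one-way egress.
    $proxyText = (netsh winhttp show proxy) -join ' '
    $proxyOk   = $proxyText -match [regex]::Escape($ProxyHost)

    $sensor = Get-Service -Name $SensorService -ErrorAction SilentlyContinue

    [pscustomobject]@{
        IsDomainController  = $isDc
        ProfilesNotBlocking = ($openProfiles.Name -join ',')
        AllowAnyDestRules   = ($anyDest.Rule -join ',')
        ProxyConfigured     = $proxyOk
        SensorRunning       = ($sensor.Status -eq 'Running')
        Compliant           = ($isDc -and -not $openProfiles -and -not $anyDest -and $proxyOk)
    }
}

Get-DcEgressPosture | Format-List
```

Run it in an elevated session on each DC; a non-empty ProfilesNotBlocking or AllowAnyDestRules field is the concrete finding to remediate before the host can be said to meet the "tightly controlled" bar.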