Evolution of Identity. Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor, TrueSec (MVP: Cloud & Datacenter Mgmt, Enterprise Security, @Alshakarti); Marcus Murray, Cyber Security Team Manager, TrueSec.
Slide 1
Evolution of Identity
Module 1: Identity is the New Perimeter
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor, TrueSec
MVP: Cloud & Datacenter Mgmt, Enterprise Security
@Alshakarti
Marcus Murray, Cyber Security Team Manager, TrueSec
MVP: Cloud & Datacenter Mgmt, Enterprise Security
@marcusswede
Slide 2
Agenda – Module 1
Identity is the “NEW” Security Boundary
Identity in Windows 10 and Windows Server 2016
Slide 3
Identity is the “NEW” Security Boundary
Slide 4
Identity in Windows 10 & Windows Server 2016
Credential Guard & Remote Credential Guard
Privileged Access Management
Windows Hello for Business
PowerShell Just Enough Administration
Slide 5
Evolution of Identity
Module 2: Securing the On Prem Identity
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor, TrueSec
MVP: Cloud & Datacenter Mgmt, Enterprise Security
@Alshakarti
Fredrik “DXter” Jonsson, Senior Security Advisor, Identitry
MVP: Cloud & Datacenter Mgmt, Enterprise Security
Slide 6
Agenda – Module 2
Hybrid Identities
Azure Active Directory integrations
Privileged Access Management – JIT
Shadow Forests for High Privileged Users
Securing Privileged Access & Privileged Access Workstation
Slide 7
Hybrid Identities
Slide 8
Azure Active Directory integrations
Slide 9
Privileged Access Management – JIT
Expiring Links feature
A user can be added to an administrative group for just the time required to perform the task. The time-bound membership is stored as a time-to-live (TTL) on the group link and is removed by Active Directory when the TTL runs out; the TTL is also propagated to the lifetime of the user's Kerberos ticket, so the privilege does not outlive the membership inside a long-lived ticket.
KDC enhancements
Where a user holds several time-bound memberships in administrative groups, the KDC restricts the Kerberos ticket lifetime to the lowest remaining TTL among them.
New Monitoring Capabilities
Help you identify who requested access, what access was granted, and what activities were performed while the access was held.
Bastion Active Directory forest
The bastion forest has a special one-way PAM trust with an existing forest. It provides a new Active Directory environment that is known to be free of any malicious activity, and it isolates the use of privileged accounts from the existing forest, which may already be compromised.
Shadow Security Principals (groups)
A shadow security principal carries an attribute that references the SID of an administrative group in the existing forest. When a bastion-forest user who is a member of the shadow group authenticates across the PAM trust, that SID is carried in the user's token, so the shadow group grants access to resources in the existing forest without changing any access control lists (ACLs).
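The expiring-link and KDC behaviour described above can be exercised directly in Windows Server 2016 AD DS without MIM, through the Privileged Access Management optional feature. The following PowerShell is an added example, not code from the deck or from TrueSec; it assumes a forest at the Windows Server 2016 functional level with the ActiveDirectory module installed, and the names corp.example, ops-sam and the choice of Domain Admins as the target group are hypothetical.

```powershell
# Added example (not from the original deck): time-bound ("expiring link") group
# membership with the Privileged Access Management optional feature of Windows
# Server 2016 AD DS. Assumptions: forest functional level 2016, ActiveDirectory
# module present; corp.example, ops-sam and the target group are hypothetical.
Import-Module ActiveDirectory

function Enable-PamFeature {
    param([Parameter(Mandatory)][string]$ForestDnsName)
    # One-time, forest-wide and irreversible (like enabling the AD Recycle Bin).
    $f = Get-ADOptionalFeature -Filter { Name -eq 'Privileged Access Management Feature' }
    if (-not $f.EnabledScopes) {
        Enable-ADOptionalFeature -Identity 'Privileged Access Management Feature' `
            -Scope ForestOrConfigurationSet -Target $ForestDnsName -Confirm:$false
    }
}

function Grant-TimedMembership {
    param(
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][string]$Member,
        [int]$Minutes = 30
    )
    # AD stores the link with a TTL and deletes it when the TTL reaches zero, and
    # the KDC caps the member's TGT lifetime at that TTL. No cleanup job is needed
    # and there is no long-lived admin ticket left to steal after the window.
    Add-ADGroupMember -Identity $Group -Members $Member `
        -MemberTimeToLive (New-TimeSpan -Minutes $Minutes)
}

function Get-TimedMembership {
    param([Parameter(Mandatory)][string]$Group)
    # With -ShowMemberTimeToLive, expiring links come back as
    # '<TTL=<seconds>>,<member DN>'; permanent links are plain DNs.
    $g = Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive
    foreach ($link in $g.member) {
        if ($link -match '^<TTL=(\d+)>,(.+)$') {
            [pscustomobject]@{ Member = $Matches[2]; TtlSeconds = [int]$Matches[1]; Expiring = $true }
        } else {
            [pscustomobject]@{ Member = $link; TtlSeconds = $null; Expiring = $false }
        }
    }
}

# Usage
Enable-PamFeature -ForestDnsName 'corp.example'
Grant-TimedMembership -Group 'Domain Admins' -Member 'ops-sam' -Minutes 30
Get-TimedMembership -Group 'Domain Admins' | Format-Table -AutoSize

# KDC-side check: after ops-sam logs on, 'klist' in that session shows a krbtgt
# ticket whose End Time is no later than the link expiry, even though the domain
# default maximum TGT lifetime is 10 hours. Every member the function reports
# with Expiring = $false is a permanent administrator, i.e. the backlog to remove.
```

The last line of output is the useful audit view: the deck's goal of "no permanent administrators" is met only when every row for the administrative groups shows Expiring = $true.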
Slide 10
Shadow Forests for High Privileged Users
Slide 11
Securing Privileged Access & Privileged Access Workstation
LAPS
Unique Local Admin Passwords for Workstations
Unique Local Admin Passwords for Servers
PAM
Time-bound privileges (no permanent administrators)
Multi-factor for time-bound elevation
Just Enough Admin (JEA) for Maintenance
Lower attack surface of important services
Privileged Access Workstations
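The LAPS and JEA items above fit together: the maintenance operator connects from a Privileged Access Workstation to a constrained endpoint that exposes only the commands the task needs, and the local admin password for the target machine is read from LAPS and rotated afterwards. The following PowerShell is an added example, not code from the deck or from TrueSec; it assumes the AdmPwd.PS (LAPS) module is installed on the endpoint host, and the names CORP\WS-Maintainers, jeahost.corp.example, WS-0042, MaintJEA and C:\JEATranscripts are hypothetical.

```powershell
# Added example (not from the original deck): a Just Enough Administration (JEA)
# endpoint for a maintenance role, combined with LAPS for the target workstation's
# local admin password. Assumptions: AdmPwd.PS installed on the endpoint host;
# CORP\WS-Maintainers, jeahost.corp.example, WS-0042, MaintJEA and
# C:\JEATranscripts are hypothetical names.
$moduleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\MaintJEA'
$rcDir      = Join-Path $moduleRoot 'RoleCapabilities'
New-Item -ItemType Directory -Path $rcDir, 'C:\JEATranscripts' -Force | Out-Null

# 1. Role capability: an allow-list of cmdlets with their parameters pinned down.
#    Anything not listed does not exist in the session, so a stolen operator
#    credential cannot reach Invoke-Expression, Set-ADUser or arbitrary scripts.
New-PSRoleCapabilityFile -Path (Join-Path $rcDir 'WsMaintainer.psrc') `
    -ModulesToImport 'AdmPwd.PS' `
    -VisibleCmdlets @(
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'WinRM' } },
        @{ Name = 'Get-AdmPwdPassword'
           Parameters = @{ Name = 'ComputerName'; ValidatePattern = '^WS-\d{4}$' } },
        @{ Name = 'Reset-AdmPwdPassword'
           Parameters = @{ Name = 'ComputerName'; ValidatePattern = '^WS-\d{4}$' } }
    ) `
    -VisibleExternalCommands 'C:\Windows\System32\whoami.exe'

# 2. Session configuration: the operator never holds an admin credential. The
#    session runs as a transient local virtual account, and every command is
#    transcribed for the "who did what" record. Note: a virtual account reaches
#    the domain as the host's computer account, so that computer account (not the
#    operator) needs read rights on the LAPS attribute; use
#    -GroupManagedServiceAccount instead of -RunAsVirtualAccount if a dedicated
#    domain identity is required.
$pssc = Join-Path $moduleRoot 'MaintJEA.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEATranscripts' `
    -RoleDefinitions @{ 'CORP\WS-Maintainers' = @{ RoleCapabilities = 'WsMaintainer' } }

if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw "invalid session configuration: $pssc" }
Register-PSSessionConfiguration -Name 'MaintJEA' -Path $pssc -Force

# 3. From the operator's PAW: connect to the constrained endpoint, read the
#    current LAPS password for one workstation, do the work, then rotate the
#    password so the secret that was just read is not reusable afterwards.
# Enter-PSSession -ComputerName jeahost.corp.example -ConfigurationName MaintJEA
# Get-Command                                # only the allow-listed commands appear
# Get-AdmPwdPassword -ComputerName WS-0042   # Password and ExpirationTimestamp
# Reset-AdmPwdPassword -ComputerName WS-0042 # expires it; next GPO refresh rotates it
```

The ValidatePattern on ComputerName is what keeps this a workstation-only role: the same endpoint cannot be used to pull server local admin passwords, which matches the deck's separation of unique local admin passwords for workstations and for servers.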
Slide 12
Evolution of Identity
Module 3: Enabling Secure Cloud Access
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor, TrueSec
MVP: Cloud & Datacenter Mgmt, Enterprise Security
@Alshakarti
Fredrik “DXter” Jonsson, Senior Security Advisor, Identitry
MVP: Cloud & Datacenter Mgmt, Enterprise Security
Slide 13
Agenda – Module 3
Single Sign On
Identity Federation
Public Identity Providers
Multi Factor Authentication
External Users & Application Scenarios
Slide 14
Single Sign On
Slide 15
Identity Federation
Slide 16
Public Identity Providers
Slide 17
Multi Factor Authentication
Slide 18
External Users & Application Scenarios
Slide 19
Evolution of Identity
Module 4: Enabling Secure Mobile Access
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor, TrueSec
MVP: Cloud & Datacenter Mgmt, Enterprise Security
@Alshakarti
Fredrik “DXter” Jonsson, Senior Security Advisor, Identitry
MVP: Cloud & Datacenter Mgmt, Enterprise Security
Slide 20
Agenda – Module 4
Intune, AAD & ADFS
Web Application Proxy 2.0
Device Registration
Access Control Policies
Slide 21
Intune, AAD & ADFS
Slide 22
Web Application Proxy 2.0
Slide 23
Device Registration
Slide 24
Access Control Policies