Speaker

Jorge de Almeida Pinto

Semperis, Senior Incident Response Lead

Veenendaal, The Netherlands

Jorge de Almeida Pinto, a Semperis Solutions Architect and Senior Incident Response Lead, helps customers, both proactively and reactively, to be and remain secure. He has been a Microsoft MVP since 2006 and has a specific focus on designing, implementing, securing and recovering Microsoft Identity & Access Management (IAM) technologies. Throughout the years, his experience has included work with Active Directory (AD), Active Directory Federation Services (ADFS), Microsoft Entra ID (EID) (a.k.a. Azure Active Directory), Entra Connect/Cloud Sync, Microsoft Identity Manager (MIM), and developing (security-related) scripts.

Area of Expertise

  • Information & Communications Technology

Topics

  • identity & authentication
  • Identity and Access Management
  • Identity Management
  • Identity and Access Management security and Least-privilege Authorization
  • Azure Hybrid Identity
  • Cyber Security basics
  • Enterprise Mobility and Security
  • Disaster Recovery

Best Practices for Resynchronizing AD and Entra ID After Forest Recovery

With cybercrime on the rise, ransomware attacks that target Active Directory (AD) - the primary identity store for most businesses worldwide - are as common as a cup of coffee. If, like many organizations today, you have a hybrid identity environment that combines AD with Entra ID (formerly known as Azure AD), are you prepared for the worst-case scenario? If your AD was burned to the ground, you hopefully have (at a minimum) backups to perform a forest recovery. But what then? After assessing the security of your AD and mitigating any (critical) risks (you plan to do this, right?), do you simply reconnect and allow synchronization to occur between AD and Entra ID, or do you perform a GAP analysis first? Knowing which precautionary measures to take to minimize damage (i.e., impact on user experience and data loss) within Entra ID is of utmost importance!
In this session, we will discuss what the problem is, explain how to perform a GAP analysis and also how to close any disclosed GAPs before reconnecting AD and Entra ID and enabling synchronization. Last but not least, we will also explain the differences between the usage of Entra AD Connect Sync (formerly known as Azure AD Connect Sync) and Entra Cloud Sync (formerly known as Azure AD Cloud Sync).
• Learn the basic next steps to take after a forest recovery
• Learn which backup to choose and why
• Learn the steps to perform a gap analysis
• Learn the steps to remediate impact
• Learn how to use Entra Connect Sync or Entra Cloud Sync in a scenario like this

Safeguarding The Security Posture Of Your AD, Pre-Attack And Post-Attack

With cybercrime on the rise, ransomware attacks that target Active Directory (AD), the primary identity store for most businesses worldwide, are as common as having a cup of coffee. Many cyber incidents involve AD in one way or another. Given that an attack on AD is more of a “when” rather than an “if” scenario, organizations must have a tested AD DR plan and purpose-built solutions for securing AD before a cyberattack and recovering and securing AD after a cyberattack.
This presentation discusses the risk to today’s enterprise organizations and explains why prioritizing hybrid identity (Active Directory and Entra ID) security is so important. It discusses the use of Security Indicators, Indicators of Exposure (IoE) and Indicators of Compromise (IoC), as a means to evaluate AD security and discover vulnerabilities that could attract attackers. Examples of various identity threat detection and response (ITDR) tools that can help you with this will also be discussed. Attendees will learn why an AD Recovery Plan is a vital resource for ongoing operational resilience, including the different ways to execute parts of that DR plan and what the impact of such an execution is. Last but not least, a real-life AD recovery scenario will be discussed to put all the pieces together.

So You Travelled Back In Time. Reconnecting Mismatching Core Identity Stores? Swipe Left Or Right?

With cybercrime on the rise, ransomware attacks that target Active Directory (AD) - the primary identity store for most businesses worldwide - are as common as a cup of coffee. If, like many organizations today, you have a hybrid identity environment that combines AD with Entra ID (formerly known as Azure AD), are you prepared for the worst-case scenario? If your AD was burned to the ground, you hopefully have (at a minimum) backups to perform a forest recovery. But what then? After assessing the security of your AD and mitigating any (critical) risks (you plan to do this, right?), do you simply reconnect and allow synchronization to occur between AD and Entra ID, or do you perform a GAP analysis first? Knowing which precautionary measures to take to minimize damage (i.e., impact on user experience and data loss) within Entra ID is of utmost importance!
In this session, we will discuss what the problem is, explain how to perform a GAP analysis and also how to close any disclosed GAPs before reconnecting AD and Entra ID and enabling synchronization. Last but not least, we will also explain the differences between the usage of Entra AD Connect Sync (formerly known as Azure AD Connect Sync) and Entra Cloud Sync (formerly known as Azure AD Cloud Sync).
OPTIONAL: If time allows and the demo gods cooperate, a demo will also be given to show what is presented.
5 key takeaways:
• At a high level, know and understand what to do after a forest recovery, and why.
• Know and understand which backup to choose and why.
• Know and understand which actions to take to perform a GAP analysis.
• Know and understand which actions to take to remediate impact.
• Know and understand what to do with both/either Entra Connect Sync (a.k.a. Azure AD Connect Sync) and/or “Entra Cloud Sync” (a.k.a. Azure AD Cloud Sync).
