Session
1st AID for EID - how to prevent lateral movement to Entra ID when your Active Directory has fallen
Currently, the biggest threat to an Entra ID tenant in the vast majority of environments comes from the connected Active Directory. Attackers are (currently) focusing heavily on on-prem environments, as these are generally much more difficult to protect and are also in a much worse state. And it's often not far from there to the cloud...
Containment is one of the most important measures in an emergency and usually Entra ID, M365 and Azure are at the top of the list as M365 is very important for crisis communication and Azure can be a good platform for the recovery phase.
In this session, we will discuss the steps necessary to block lateral movement for a full compromise of Entra ID from Active Directory in a reasonable order.
We will then look at your users' accounts, the impact of your actions on their ability to work and how you can make decisions in this situation.
We will also discuss what you can do today to be best prepared for this scenario.
Level 200-300, minimum 45 minutes
Christopher Brumm
ITSec Pro focussed on MS Cloud Stuff
Hamburg, Germany
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top