Session

1st AID for EID - how to prevent lateral movement to Entra ID when your Active Directory has fallen

Currently, the biggest threat to an Entra ID tenant in the vast majority of environments comes from the connected Active Directory. Attackers are (currently) focusing heavily on on-prem environments, as these are generally much more difficult to protect and are also in a much worse state. And it's often not far from there to the cloud...

Containment is one of the most important measures in an emergency, and Entra ID, M365 and Azure are usually at the top of the list, as M365 is very important for crisis communication and Azure can be a good platform for the recovery phase.

In this session, we will discuss, in a reasonable order, the steps necessary to block lateral movement from Active Directory that would lead to a full compromise of Entra ID.

We will then look at your users' accounts, the impact of your actions on their ability to work and how you can make decisions in this situation.

We will also discuss what you can do today to be best prepared for this scenario.

Level 200-300, minimum 45 minutes

Christopher Brumm

ITSec Pro focussed on MS Cloud Stuff

Hamburg, Germany
