Defending Azure Active Directory

Microsoft Azure Active Directory has become an essential part of Identity & Access Management in many organizations.
Critical business applications and cloud services are integrated with Microsoft's cloud-based identity platform, and components to support hybrid identity scenarios with Active Directory (on-premises) have also been implemented.

On the other hand, the "new control plane" is a growing target for cybercriminals. Azure AD offers many security features and integrations with other (Microsoft) security solutions to protect (hybrid) identities.
But which security considerations should be taken into account in the design and implementation of a modern identity infrastructure?

In this session, I will talk about and demonstrate a few examples from the following four subject areas:

- Identity Security Posture and privilege escalation from Azure AD Connect

- Conditional Access designs, Continuous Access Evaluation (CAE) and risks of token replay attacks

- Privileged Identity and Access in Azure AD and "overlooked" privileged access paths

- App integration and different types of workload identities

Thomas Naunheim

Microsoft MVP | Cloud Security Architect @glueckkanja-gab AG

Koblenz, Germany
