Captain AD, the Hybrid Superhero of Our Hybrid Active Directory

It’s not every day that you run into a superhero. However, it is getting more common to run into hybrid cloud security superheroes, like the ones who keep your on-premises Active Directory from poking holes in your Azure AD security. It turns out there’s one working down the hall from me now. I sat next to him in the cafeteria the other day.

“Say, you look a lot like Captain AD, the guy who keeps our on-premises Active Directory security in ship-shape. Is that who you are?”

He quieted me before I could blow his cover. But this guy is a real superhero — he protects our Office 365 security by keeping AD secure.

“I’m really only half superhero. So don’t ask me to stop any runaway subway trains or save Manhattan from space invaders.”

“How’d you get be a superhero, anyway?”

The Superhero of Our Hybrid Active Directory

In most organizations, cloud computing means running Office 365 and productivity apps over the network and developing new kinds of applications using Azure. It’s operationally efficient, innovative and important for competitive advantage.

The problem is that many of these organizations synchronize their authoritative, on-premises AD up to Azure AD in the cloud, where Office 365 and other cloud computing apps use it for authentication and authorization.

That means that any security flaws in the original, on-premises Active Directory — long-inactive user accounts, excessive delegated permissions, unauthorized users making membership changes to sensitive groups — become flaws in the Azure AD’s security. When Azure AD is not secure, Office 365 is not secure.

Running a hybrid configuration of on-premises and cloud-based apps is already a big leap for any IT department. Adding the possibility that on-premises security problems are being synchronized up to Azure AD and contributing to a data breach is not the kind of thing that gives them warm fuzzies.

Enter Captain AD

“So I was sitting at my desk one day reading a paper called Azure Active Directory and Office 365 Security from Dell,” he explained. “It’s a deep dive into strengthening the weakest link in a hybrid AD environment like ours, by protecting access to on-premises AD. I printed out the paper and was still reading it in the elevator down to the data center to try out some of the steps in the Dell approach. When the elevator doors opened in the basement, I was wearing the Captain AD outfit: the tights, the hood, the mask. The whole nine yards.”

“Pretty amazing. But, is there anything the rest of us can do to help you make our hybrid cloud a safer place?”

Captain AD thought for a moment. “Sure. Read the paper from Dell. It’s called Azure Active Directory and Office 365 Security. You’ll learn what it means to be both on-premises and in the cloud, and you’ll step through a detailed scenario of how poor AD security can lead to a data breach and an insider trading scandal.”

“OK. Should I read it in the elevator?”

“Sure,” he said, getting up to leave. “We can never have too many superheroes around here. Even half superheroes.”