Hybrid AD and Azure AD Security Begins with Continuous Permissions Assessment

If your organization made the jump to Office 365 and are now completely cloud based or in a hybrid AD environment, you probably spent a lot of time getting your on-premises AD ready for the move. Now that your new cloud or hybrid environment is in place and in good shape, how do you keep it secure?

Maintaining security in a cloud or hybrid AD environment is no easy task. Download the Quest e-book Surviving Common Office 365 Security Pitfalls for your free IT survival guide.

Security in a hybrid AD environment begins with continually assessing privileges and access and then establishing security configuration baselines. This means periodically reporting which users have access to perform which tasks, either directly through their account or indirectly through group membership. Assessments should include details about all users with the most-sensitive types of access:

  • Permissions to back up and restore AD
  • Permissions to reset user passwords on any objects
  • Elevated privilege groups
  • Sensitive business groups, such as finance, executive staff and R&D
  • Sensitive data, such as personally identifiable information (PII), Payment Card Industry (PCI) details and information required for compliance with SOX and HIPAA
  • Nested groups related to an elevated privilege group or a sensitive business group
  • Permissions on inactive accounts
  • Permissions to log on locally to domain controllers and to install software on domain controllers

Much like a security camera that’s always running “just in case,” continuously assessing who has access to data and why will ensure that sensitive data is only available to those who should see it. The end result is a more secure—and compliant—cloud or hybrid AD environment.

To learn more about security best practices in a hybrid AD environment, download the complimentary Quest e-book, Surviving Common Office 365 Security Pitfalls.

Download E-Book