TEC- 2022 Virtual Microsoft Infrastructure and Security

While there is an abundance amount of information about Microsoft Sentinel, it takes time to find out what is marketing speak and how the product actually behaves. With his experience implementing Microsoft Sentinel in multiple organizations, This will walk through real-life scenarios and provide tips and tricks on how to set up your environment. These tips will range from thoughts about the machine learning algorithms, the built-in rule templates and integrations into your day-to-day operations.

In today’s digital reality we’re increasingly integrated and interconnected with those we know (and don’t know), and what we think of as “identity” is evolving. As our concepts of identity evolve, so do the attacks against it, requiring us to move beyond traditional defense. The footprint of identity risk now goes beyond compromised employees, but also includes contractors, suppliers, guest accounts, and even the identity of "things" (devices, bots, APIs). So how do we protect these emerging identity types? You’ll get answers in this session where we will talk about this changing landscape of identity and the processes and protections you need to put in place to build an “Identity-in-Depth” strategy that goes beyond looking at employee identities but assesses your entire identity ecosystem.

As technology has evolved, so has the use of the different platforms – and inter-connecting these platforms to increase efficiencies. The challenge is that attackers leverage these connection points to gain access to data, escalate privileges, and persist. This session explores a typical corporate environment, its configuration and its weaknesses. The technology platforms explored include Active Directory, VMware vSphere, Azure AD, and Azure (IaaS, aka "cloud datacenter"). We will talk through common integration and configuration components, how attackers take advantage of these connections, and how to mitigate these attack techniques. The scenarios covered during this talk include how an attacker with "user" rights in one platform can leverage connection points and configured access to escalate privileges in another.

Our expert panel will reveal personal stories and how they suffered, triaged, survived, and recovered from Active Directory and AAD nightmares. After the panel discussion, your participation in this safe space is encouraged through the “asking for a friend” segment to share “your friend’s” stories and get some remedies – you know, so you can relay it back to them! Please think ahead of time of things you might have been afraid to ask and take advantage of this interactive, shared experience.

Many organizations have been laser-focused on user account security methods like MFA and passwordless authentication to defend against increases in password spray and phishing attacks. Yet, as security for user accounts continues to improve, recent cyberattacks show that adversaries are turning their attention toward application identities. But do you know what risky behavior to look for and how to protect against identity-based cyberattacks? In this session you will learn about attacks against application identities, how to detect these attacks, and how to recover and defend your application identities going forward against these emerging threats.

Recently, many Active Directory vulnerabilities are being discovered spanning all three types of Kerberos delegations. One growing attack vector is compromising delegations that cross security boundaries (e.g. AD Trusts or in a hybrid AD environment). Microsoft has recently announced Kerberos authentication within Azure AD. While this brings a lot of security benefits around authentication, this also means that existing Kerberos vulnerabilities can extend from an on-premises AD environment to exploit an object in Azure. The opposite is also possible with on-premises objects (such as an application proxy) having the ability to impersonate cloud users. This session helps make sense of these vulnerabilities and provides solid advice on how to mitigate them.

For years, the best practice to manage administrative rights was providing two user profiles: One to check email, and another one to manage servers. But that's a rather fine line to trust between using or misusing powers. Thanks to Azure PIM, you can govern who's getting admin privileges, for what and how long. On the plus side, users who don't need or want admin privileges can release them using self-service. In this hands-on, demo-based session by Peter De Tender, you’ll learn how you can perform auditing, control and governance of any user, any administrative role and identify what they can do within your hybrid organization.

In times of rapid change, most organizations have dramatically accelerated digital transformation. In addition, many organizations took advantage of many Azure AD capabilities already available in the cloud to provide a secure, optimal and reliable identity framework to support their users and applications. In this session, you will hear directly from the Microsoft Identity engineering team and see the patterns and best practices from some of the largest and most complex enterprise scenarios all over the world using Azure Active Directory. You’ll also see how this has been instrumental in their goal to extend their cloud footprint.