TEC: The New Integrated Identity Perimeter and Defenses

Our families, friends and neighbors are all refining their hacking skills. But what is this doing to the idea of identity? What is an identity for you and your family in the 2020s? How is identity devolving and creating itself with each new service we sign up for? What about things we use that aren’t tied to our personal identity? What happens when your IOT house plants, lights or home has a service account? Managing identity is more than MFA and complex pass phrases for today’s individuals. In this session, Chris Dancy explains why we must go back and look at the tentacles of personal identity stretching through our devices, apps, services and sensors.

You’ve heard about the world of hackers and their threats against your business, but what about at home? How is your family’s identity evolving to become more like the hackers we defend against at work? What if the future of cybersecurity was your 11-year-old daughter’s need to get back on TikTok after being kicked off? From throwaway accounts to Finstagram, Chris Dancy reviews the ways we are all hackers now and what this is doing to our identity, secure or not.

Access all of the amazing content from THE Microsoft training event of the year – The Experts Conference – in a virtual format. Like all TEC events, our 2022 virtual conference was filled to the brim with practical Active Directory and Office 365 education straight from renowned Microsoft MVPs and industry experts. The live conference has ended, but you can still access any of the sessions from the live event. If there’s anything you missed, or want to watch again, it’s all available now on demand. That’s right, every session – from the in-depth Microsoft 365, Microsoft Infrastructure Security, and On-Premises & Hybrid Management and Migration tracks – is available to watch from the comfort of your home at any time. And as always, this event was brought to you by the leaders who have helped move, manage and secure more than 336 million Active Directory users: Quest Software.

Many organizations have been laser-focused on user account security methods like MFA and passwordless authentication to defend against increases in password spray and phishing attacks. Yet, as security for user accounts continues to improve, recent cyberattacks show that adversaries are turning their attention toward application identities. But do you know what risky behavior to look for and how to protect against identity-based cyberattacks? In this session you will learn about attacks against application identities, how to detect these attacks, and how to recover and defend your application identities going forward against these emerging threats.

For years, the best practice to manage administrative rights was providing two user profiles: One to check email, and another one to manage servers. But that's a rather fine line to trust between using or misusing powers. Thanks to Azure PIM, you can govern who's getting admin privileges, for what and how long. On the plus side, users who don't need or want admin privileges can release them using self-service. In this hands-on, demo-based session by Peter De Tender, you’ll learn how you can perform auditing, control and governance of any user, any administrative role and identify what they can do within your hybrid organization.

Our expert panel will reveal personal stories and how they suffered, triaged, survived, and recovered from Active Directory and AAD nightmares. After the panel discussion, your participation in this safe space is encouraged through the “asking for a friend” segment to share “your friend’s” stories and get some remedies – you know, so you can relay it back to them! Please think ahead of time of things you might have been afraid to ask and take advantage of this interactive, shared experience.

Recently, many Active Directory vulnerabilities are being discovered spanning all three types of Kerberos delegations. One growing attack vector is compromising delegations that cross security boundaries (e.g. AD Trusts or in a hybrid AD environment). Microsoft has recently announced Kerberos authentication within Azure AD. While this brings a lot of security benefits around authentication, this also means that existing Kerberos vulnerabilities can extend from an on-premises AD environment to exploit an object in Azure. The opposite is also possible with on-premises objects (such as an application proxy) having the ability to impersonate cloud users. This session helps make sense of these vulnerabilities and provides solid advice on how to mitigate them.

In times of rapid change, most organizations have dramatically accelerated digital transformation. In addition, many organizations took advantage of many Azure AD capabilities already available in the cloud to provide a secure, optimal and reliable identity framework to support their users and applications. In this session, you will hear directly from the Microsoft Identity engineering team and see the patterns and best practices from some of the largest and most complex enterprise scenarios all over the world using Azure Active Directory. You’ll also see how this has been instrumental in their goal to extend their cloud footprint.

As technology has evolved, so has the use of the different platforms – and inter-connecting these platforms to increase efficiencies. The challenge is that attackers leverage these connection points to gain access to data, escalate privileges, and persist.This session explores a typical corporate environment, its configuration and its weaknesses. The technology platforms explored include Active Directory, VMware vSphere, Azure AD, and Azure (IaaS, aka "cloud datacenter"). We will talk through common integration and configuration components, how attackers take advantage of these connections, and how to mitigate these attack techniques. The scenarios covered during this talk include how an attacker with "user" rights in one platform can leverage connection points and configured access to escalate privileges in another.

Cross-Tenant coexistence services have been static for a fairly long period, consisting primarily of limited GAL sync and free/busy services and maybe Domain sharing using address rewrite technologies. However, some emerging technologies will soon change much of what tenant administrators normally do to prepare their Microsoft 365 environments for collaboration during an M&A project. This session will help you prepare for them.

While there is an abundance amount of information about Microsoft Sentinel, it takes time to find out what is marketing speak and how the product actually behaves. With his experience implementing Microsoft Sentinel in multiple organizations, Thijs will walk through real-life scenarios and provide tips and tricks on how to set up your environment. These tips will range from thoughts about the machine learning algorithms, the built-in rule templates and integrations into your day-to-day operations.

Opportunity makes a cybercriminal, and this is truer than ever during a critical and time-sensitive Active Directory migration when a lot of doors are swinging open. Personnel attrition due to an M&A, integrating with legacy systems, and rushed timelines create ample opportunities for attackers to target your organization. Legacy migration methodologies have historically required opening up the environment to significant security risks, including ransomware attacks, SIDHistory injection, elevated permissions, Group policy hijacking and more. This session will focus on the security missteps to avoid before, during, and even after an AD migration project so that it doesn’t become a resume updating project. We’ll look at real-world examples and give helpful advice to: • Avoid M&A IT integration missteps • Protect yourself from security breaches • Achieve data security • Reap the benefits you expect from your M&A • Ransomware attacks • SIDHistory Injection • Elevated permissions • Group Policy hijacking • And more.

Cybersecurity is a top priority for all of us. In this session, Aastha Verma from CISA will present on the no-cost resources, services and tools that CISA and its partner agencies provide to help organizations improve their cybersecurity posture and safeguard against ransomware and other cyber threats. Learn about cyber hygiene vulnerability scanning, the three CISA “Bad Practices” to avoid, where to find timely updates on the latest threats, and more.

In today’s digital reality we’re increasingly integrated and interconnected with those we know (and don’t know), and what we think of as “identity” is evolving. As our concepts of identity evolve, so do the attacks against it, requiring us to move beyond traditional defense. The footprint of identity risk now goes beyond compromised employees, but also includes contractors, suppliers, guest accounts, and even the identity of "things" (devices, bots, APIs). So how do we protect these emerging identity types? You’ll get answers in this session where we will talk about this changing landscape of identity and the processes and protections you need to put in place to build an “Identity-in-Depth” strategy that goes beyond looking at employee identities but assesses your entire identity ecosystem.