Monday, 6 June 2016

Understanding Directory Services

Posted by: Ashwin Venugopal

First, review my TechNet blogs in order to understand the basics of Active Directory.

What's new with Windows Server 2016?

Privileged Access Management (PAM).

The PAM feature helps to counter security issues caused by credential theft and helps you restrict privileged access within your existing AD DS environment. In this case, a shadow bastion forest is created.

PAM has four steps: Prepare, Protect, Operate, Monitor.

  1. Prepare
    1. Identify the groups in your AD forest that have significant privileges. Recreate these groups without members in the bastion forest.
  2. Protect
    1. Configure the lifecycle and authentication protection, such as Multi-Factor Authentication (MFA).
  3. Operate
    1. When user authentication is completed and a request is approved, the user account is added temporarily to a privileged group in the bastion forest. For a pre-set amount of time, the administrator has all privileges and access permissions that are assigned to that group. After that pre-set time, the account is removed from the group.
  4. Monitor
    1. PAM adds auditing, alerts, and reports for privileged access requests. One can review the history of privileged access, and see who performed an activity.

Group member expiration.
This enables you to configure automatic expiration for group membership.
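
Group member expiration can be tried out with the ActiveDirectory PowerShell module. The script below is an added example, not code from the original post: it grants a two-hour membership and then reports which members of a privileged group are time-bound and which are permanent. The forest, group and account names are placeholders, and it covers only the AD DS side, not the PAM request and approval workflow.

```powershell
# Added example. $Forest, $Group and $User are placeholder values (assumptions).
Import-Module ActiveDirectory

$Forest = 'corp.example.com'   # placeholder forest name
$Group  = 'Domain Admins'      # privileged group to review
$User   = 'jdoe-admin'         # placeholder administrator account

# Time-bound membership depends on the PAM optional feature, which needs the
# Windows Server 2016 forest functional level and cannot be disabled once enabled.
$pam = Get-ADOptionalFeature -Identity 'Privileged Access Management Feature'
if (-not $pam.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $pam -Scope ForestOrConfigurationSet -Target $Forest
}

# Grant membership for two hours; AD DS removes the link when the TTL runs out.
Add-ADGroupMember -Identity $Group -Members $User -MemberTimeToLive (New-TimeSpan -Hours 2)

# With -ShowMemberTimeToLive, time-bound members come back as "<TTL=seconds>,<DN>".
# Members without a TTL prefix are permanent and are the ones to question.
$g = Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive
$report = foreach ($m in $g.member) {
    if ($m -match '^<TTL=(\d+)>,(.+)$') {
        [pscustomobject]@{
            Member    = $Matches[2]
            Permanent = $false
            Expires   = (Get-Date).AddSeconds([int]$Matches[1])
        }
    } else {
        [pscustomobject]@{ Member = $m; Permanent = $true; Expires = $null }
    }
}
$report | Sort-Object Permanent, Expires | Format-Table -AutoSize
```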

Microsoft Passport.
Windows Server 2016 supports Microsoft Passport, a key-based authentication system. Your users sign in using a PIN or biometric information.

Azure AD Connect.
This integrates your on-premises AD DS with Azure AD.

Thanks for reading.
