Microsoft's rapid modernization plan (RaMP) is a practical guide to securing Active Directory so that attackers cannot gain access to privileged user accounts.
Microsoft defined the logical separation of user accounts with different authorizations at different levels in its Enhanced Security Admin Environment (ESAE) recommendation. Often referred to as the "Red Forest," it is still used in many companies today. Privileged, enterprise-wide administrator accounts are managed in a dedicated administrative forest and are therefore isolated from the local administrator accounts on servers, workstations, and other devices. If an attacker gains access to a local administrator account, their scope of action is limited to what that one account is authorized to do; above all, they cannot do damage across the entire Active Directory (AD) enterprise.
The continuation of this approach in the rapid modernization plan (RaMP) [1] helps admins implement the most important steps of Microsoft's privileged access strategy, which replaces ESAE. The plan and the associated documents offer a step-by-step guide to securing access to enterprise resources. The most important prerequisite, of course, is that you are using Microsoft Entra ID, formerly known as Azure Active Directory.
Separate Admin Accounts
As in ESAE, the various accounts used for administrative functions are strictly segregated from the accounts used for everyday work. Figure 1 shows the strategy for separating accounts into privileged and non-privileged, along with reducing the attack surface.
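The first thing a practitioner wants to know is whether that separation actually holds in an existing domain. The following PowerShell script is an added example, not part of the original article or of Microsoft's RaMP material: it enumerates the members of the highest-privilege AD groups and flags accounts that look like daily-use accounts given enterprise-wide rights. The "adm-" naming convention for dedicated admin accounts is an assumption of this example, not something RaMP defines; the script also assumes the RSAT ActiveDirectory module, read access to group membership, and a domain that has the Protected Users group (functional level 2012 R2 or later).

```powershell
# Added example (not from the original article or from Microsoft's RaMP documents):
# audit the highest-privilege AD groups for accounts that violate the
# "separate admin accounts" principle.
# Assumptions, hypothetical and adjustable:
#   - dedicated admin accounts follow the naming convention "adm-<name>"
#   - the RSAT ActiveDirectory module is installed and the caller can read group membership
#   - the domain has the "Protected Users" group (functional level 2012 R2 or later)

Import-Module ActiveDirectory

function Get-PrivilegedAccountFindings {
    param(
        [string[]] $PrivilegedGroups = @('Enterprise Admins', 'Domain Admins', 'Schema Admins', 'Administrators'),
        [string]   $AdminNamePattern = '^adm-'   # assumed naming convention, not defined by RaMP
    )

    # Map each privileged user (by SamAccountName) to the groups that grant the privilege.
    # -Recursive resolves nested groups, which is where stray daily-use accounts usually hide.
    $grantedBy = @{}
    foreach ($group in $PrivilegedGroups) {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                if (-not $grantedBy.ContainsKey($_.SamAccountName)) {
                    $grantedBy[$_.SamAccountName] = @()
                }
                $grantedBy[$_.SamAccountName] += $group
            }
    }

    $protectedUsersDn = (Get-ADGroup -Identity 'Protected Users').DistinguishedName

    foreach ($sam in $grantedBy.Keys) {
        $user = Get-ADUser -Identity $sam -Properties mail, MemberOf, LastLogonDate, PasswordNeverExpires

        $reasons = @()
        if ($user.SamAccountName -notmatch $AdminNamePattern) {
            # Most likely a daily-use account that was simply added to a privileged group
            $reasons += 'not a dedicated admin account (naming convention)'
        }
        if ($user.mail) {
            # A mailbox on a privileged account makes it directly reachable by phishing
            $reasons += 'has a mail address'
        }
        if ($user.MemberOf -notcontains $protectedUsersDn) {
            # Protected Users blocks NTLM, DES/RC4 Kerberos, delegation and credential caching
            $reasons += 'not in Protected Users'
        }
        if ($user.PasswordNeverExpires) {
            $reasons += 'password never expires'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $user.SamAccountName
                Enabled        = $user.Enabled
                LastLogonDate  = $user.LastLogonDate
                PrivilegedVia  = ($grantedBy[$sam] -join ', ')
                Findings       = ($reasons -join '; ')
            }
        }
    }
}

Get-PrivilegedAccountFindings | Sort-Object SamAccountName | Format-Table -AutoSize
```

Run it from a privileged access workstation with an account that only needs read access to the directory. Expect the built-in Administrator account (RID 500) to show up under the naming rule; treat it as a documented break-glass exception rather than renaming it to satisfy the script. Any other hit is a candidate for the ESAE/RaMP treatment: create a dedicated admin account, move the privilege there, and demote the daily-use account.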
...