Recovering from a cyberattack in a hybrid environment
Disconnected
The complexity of modern IT landscapes becomes particularly apparent in emergencies caused by cyberattacks. When you restore, it is not just the recovery of the individual subsystems that needs to be considered, but also the interactions between them. The failure of basic services such as authentication as the result of an attack is a particularly serious worry.
Regardless of whether a company still has its IT firmly anchored locally or is already on its way into the cloud, most directory services now have a hybrid design. The legacy Active Directory (AD) is the primary identity store, and users, groups, and, increasingly, computer accounts are synchronized to Entra ID (formerly Azure AD) or other cloud-based directories to enable seamless access to applications in the cloud. The prime example is Microsoft Teams, which many companies were forced to introduce as an emergency measure during the pandemic. However, other services such as virtual private networks (VPNs), Microsoft Dynamics 365, Salesforce, or Box also work best with a cloud identity.
Hybrid Identities on the Rise
How tightly the on-premises part of a hybrid identity is tied to its cloud counterpart varies. Some organizations want to provide an online identity but keep the authentication process entirely on-premises and rely on pass-through authentication (PTA) or locally installed instances of Active Directory Federation Services (ADFS). Others synchronize the password hash to the cloud (password hash synchronization, PHS) or even make the cloud account authoritative with password write-back, which enables more extensive password checks than the complexity rules supported in AD and gives users a simple self-service password reset (SSPR). Thanks to Cloud Trust, even Kerberos authentication of a cloud account against local resources connected to AD is possible.
All types of hybrid identity are relatively easy