Webcast discussion on our Hybrid Active Directory Security story. Any defense is only as strong as its weakest point. Office 365 and its Azure Active Directory underpinnings are highly security focused, with features like conditional access, multi-factor authentication, and best-in-class identity security reporting. But if you have a hybrid identity architecture in which your Active Directory users and groups are projected into the cloud, your weakest link isn't the cloud--it's your Active Directory.
Mitigating Risk in a Complex Hybrid Directory Environment
1. Mitigating Risk in a Complex Hybrid Directory Environment
Hosted by: Brad Sams
Petri Presenter: Sean Deuby
Veeam Presenter: Alvaro Vitta
2. What percentage of your organization
has moved to Office 365?
• 1-10%
• 10%-30%
• 30%-50%
• 50%+
• We’re not using Office 365 today
3. Sean Deuby
• Identity technology analyst and expert
• Microsoft MVP for Directory Services
since 2004
• Consults and speaks on cloud identity
and identity as a service (IDaaS)
• Identity architect at Edgile, Inc.
• Frequent contributor to Petri IT
Knowledgebase
4. Alvaro Vitta
• Principal Solutions Architect specializing
in security at Quest
• Specializes in Microsoft cloud-based data
center technologies, including Azure AD,
Office 365, Active Directory, Exchange,
and EMS (Enterprise Mobility Suite)
• Works with large private and public
organizations to help them solve
business problems with software
solutions across cloud, hybrid, and
private data center environments
7. Organizations have used AD to authenticate since 2001
• 2001: AD replaces NT
• 2003
• 2004: Email is now business critical
• 2007: Collaboration heats up
• 2008: Add new resource forest for security
• 2009: Server 2008R2 - new forest level
• 2010: Upgrades, M&As, BYOD, security risks
• 2013-TODAY: Organizations begin taking the cloud seriously
• TODAY: Future-ready Windows Infrastructure
8. Office 365 adoption is growing rapidly
• 22 million consumers (55% YOY growth from 12.4 M)
and 70 million commercial customers who have
active Office 365 subscriptions.
• In the commercial segment, Office 365 had a 57
percent month-over-month jump in the latest 2016
quarter.
• Year-over-year growth: about 1 million subscribers a
month are adopting Office 365
9. Why do organizations move to the cloud?
• Reduce infrastructure, licensing, and maintenance
costs, eliminating on-premises
infrastructure and finding storage efficiencies
• Empower workforce to operate from anywhere from
any device
• Increase scalability and business continuity
10. What about Azure Active Directory?
• Office 365 *requires* an Azure AD instance
• Azure AD provides the Directory Service for Office 365 applications
• Azure AD integrates with on-prem AD creating a HYBRID Directory
environment
Azure Active Directory
12. Summary: How Hybrid Directory was ‘created’
• 90% of companies use AD on-prem.
• O365 adoption growing at 70% YoY.
• AAD has over 10M tenants
• 75% of orgs with more than 500 users sync on-prem AD to AAD
Hybrid Directory
13. How important is protecting on-prem AD resources?
75% of enterprises with
more than 500 employees
sync their on-prem AD
accounts to Azure
AD/Office 365 (AD on
premises is authoritative)
14. If you’re leveraging Office 365, are you
using Azure AD?
• Yes, managing Azure AD accounts
• Yes, but only replicating to Azure AD from on-prem
• No, not using
16. What is the surface attack area? AD On-Prem
• Active AD licenses: 500 million
• Companies using AD to authenticate: 90%
• Daily authentications: 10 billion
• Accounts under attack each day: 95 million
95 million of those accounts are under attack every single day (Microsoft)
17. What is the surface attack area? Azure AD
• Number of Azure AD accounts: 700 million
• Number of Azure AD tenants: 10 million
• Daily logons: 1.3 billion
• MS Cloud daily cyberattacks: 10 million
Microsoft's user identity management systems process over 13 billion logins.
Over 10 million (per day) of these logins are cyber-attacks.
18. Business Challenges
• Data exfiltration
• Insider threats
• Compliance failures
• Prolonged operational downtime
• Revenue loss due to downtime, loss of productivity, and potentially fines
Technical Challenges
• No permission baselining
• No automatic remediation
• Lack of detailed auditing
• Labor-intensive/error-prone
• Lack of granular delegation
• Disjointed administration
• Manual DR processes
Dangers and pitfalls if you don’t secure AD on-prem
Hybrid Directory Challenges faced by businesses
21. Continually Assess
• Who has access to what sensitive
data and how did they get that
access?
• Who has elevated privileged
permissions in AD, servers, and SQL
DBs?
• What systems are vulnerable to
security threats?
22. Detect and Alert
• How will I know if any suspicious
privileged account activities have
occurred?
• Have any changes occurred that could
indicate an insider threat?
• How will I know, quickly, if an intrusion
has happened?
• Could we be under brute-force attack
right now?
23. Remediate and Mitigate
• Is access control allowing those
whitelisted in and blacklisted out?
• Do my users have the lowest level of
user rights possible to do their jobs?
• Are my sensitive resources protected?
• How much time will it take me to
manually remediate unauthorized
changes?
24. Investigate and Recover
• How can I be sure that ‘it’ doesn’t happen again?
• How can I test my business continuity plan without going offline?
• How long will it take us to recover from an
AD security incident, manually?
• What is my AD RTO after a disaster?
• Can I secure access to my DC before
next time?
25. Active Directory Security Suite components
IT Security Search & Recovery Manager FE
• Investigate AD security incidents
• Continuously test your AD business
continuity plan
• Recover from a security incident
• Improve your RTO following a disaster
• Secure access to AD DC data
Enterprise Reporter
• Report on elevated permission in AD
• Visibility of open shares across servers
• Understand which servers have
vulnerable security settings
Active Roles & GPOAdmin
• Enforce permission
blacklisting/whitelisting in AD
• Implement AD least-privilege
access model
• Prevent unauthorized access to
sensitive resources
• Auto-Remediate unauthorized
activities
Change Auditor for AD
• Detect suspicious privileged AD
activities
• Alert on potential AD insider
threats
• Notify in real time of
unauthorized intrusions against
AD
• Detect and alert on brute-force
attacks
27. Secure your Active Directory to mitigate risk in
Office 365
• Organizations moving to Office 365 have real and significant
security challenges around Active Directory.
• On-premises AD remains the core of security even in a
cloud/hybrid environment.
• Quest offers the only end-to-end AD Security solution in the market
• Don’t let your on-premises AD be your Hybrid Achilles Heel!
28. What is the biggest technology problem facing
your organization today?
• Pressure on our IT budget
• Security threats
• IT skill gap
• Legacy applications management
• Cloud migration difficulty
• Other
30. We get IT
Work Smarter
Petri.com | The IT Knowledgebase
Thank you for joining. Our
broadcast, presentation, and a Tech
Brief Summary will be provided.