

For most of 2019, I was digging into Office 365 and Azure AD and looking at features as part of the development of the new Trimarc Microsoft Cloud Security Assessment, which focuses on improving customer Microsoft Office 365 and Azure AD security posture. As I went through each of them, I found one that was very interesting.

In May 2020, I presented some Microsoft Office 365 & Azure Active Directory security topics in a Trimarc Webcast called “Securing Office 365 and Azure AD: Protect Your Tenant” and included the attack path described in this article, which takes advantage of a little-known feature.

While Azure leverages Azure Active Directory for some things, Azure AD roles typically don’t directly affect Azure (or Azure RBAC). This article details a known configuration (at least to those who have dug into Azure AD configuration options) where it’s possible for a Global Administrator (aka Company Administrator) in Azure Active Directory to gain control of Azure through a tenant option. This is “by design” as a “break-glass” (emergency) option that can be used to (re)gain Azure admin rights if such access is lost. In this post I explore the danger associated with this option as it is currently configured (as of May 2020). The key takeaway here is that if you don’t carefully protect and control Global Administrator role membership and associated accounts, you could lose positive control of systems hosted in all Azure subscriptions as well as Office 365 service data. Most of the research around this issue was performed during August 2019 through December 2019, and Microsoft may have incorporated changes since then in functionality and/or capability.

In this scenario, Acme has an on-premises Active Directory environment. Acme embraced Azure Infrastructure as a Service (IaaS) as an additional datacenter and deployed Domain Controllers to Azure for their on-prem AD (as their “cloud datacenter”). Acme IT locked down the DCs following hardening advice and limited Azure administration to the VMs hosting the DCs. Acme signed up for Office 365 and started a pilot. Acme has other sensitive applications hosted on servers in Azure.
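The key takeaway above is to protect and control Global Administrator role membership. The following is an added example, not the article's own code and not a Trimarc tool, of a defender's audit of that membership through Microsoft Graph: it lists the role's members and flags conditions worth reviewing (more members than policy allows, non-user principals holding the role, accounts synced from on-prem AD, disabled accounts still holding the role). It assumes a caller-supplied Graph access token with directory read permission, the well-known Global Administrator role template id, and a hypothetical threshold of five members; the sample member list is constructed so the audit runs offline.

```python
"""Audit Global Administrator role membership through Microsoft Graph.

Added example, not code from the article. Assumptions (also noted inline):
the caller provides a Graph access token with directory read permission, the
Global Administrator role template id is the well-known value below, and the
member count threshold is a hypothetical policy number chosen for illustration.
"""
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Well-known Azure AD role template id for Global Administrator (assumed constant).
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"
# Hypothetical policy threshold; the article gives no number.
MAX_EXPECTED_GLOBAL_ADMINS = 5


def _graph_get(token: str, url: str) -> dict:
    """Single authenticated GET against Graph, returning the parsed JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_global_admin_members(token: str) -> list:
    """Pull every member of the Global Administrator role (follows paging) and, for
    user members, add accountEnabled and onPremisesSyncEnabled via a second lookup,
    since the membership listing does not return those properties by default."""
    url = f"{GRAPH}/directoryRoles/roleTemplateId={GLOBAL_ADMIN_TEMPLATE_ID}/members"
    members = []
    while url:
        page = _graph_get(token, url)
        members.extend(page.get("value", []))
        url = page.get("@odata.nextLink")  # None once the last page is reached
    for m in members:
        if m.get("@odata.type") == "#microsoft.graph.user":
            detail = _graph_get(
                token, f"{GRAPH}/users/{m['id']}?$select=accountEnabled,onPremisesSyncEnabled"
            )
            m.update({k: detail.get(k) for k in ("accountEnabled", "onPremisesSyncEnabled")})
    return members


def audit_global_admins(members: list, max_expected: int = MAX_EXPECTED_GLOBAL_ADMINS) -> dict:
    """Produce findings a defender would act on: too many Global Administrators,
    non-user principals holding the role, accounts synced from on-prem AD (a
    compromise of the on-prem directory then reaches the tenant), and disabled
    accounts that still hold the role."""
    findings = []
    if len(members) > max_expected:
        findings.append(
            f"{len(members)} Global Administrators; policy expects at most {max_expected}"
        )
    for m in members:
        name = m.get("userPrincipalName") or m.get("displayName") or m.get("id")
        if m.get("@odata.type") != "#microsoft.graph.user":
            findings.append(
                f"non-user principal holds Global Administrator: {name} ({m.get('@odata.type')})"
            )
            continue
        if m.get("onPremisesSyncEnabled"):
            findings.append(f"Global Administrator synced from on-prem AD: {name}")
        if m.get("accountEnabled") is False:
            findings.append(f"disabled account still holds Global Administrator: {name}")
    return {"count": len(members), "findings": findings}


# Constructed sample shaped like the enriched Graph output; not real tenant data.
SAMPLE_MEMBERS = [
    {"@odata.type": "#microsoft.graph.user", "id": "u-1", "displayName": "Break Glass 1",
     "userPrincipalName": "breakglass1@acme.onmicrosoft.com",
     "accountEnabled": True, "onPremisesSyncEnabled": None},
    {"@odata.type": "#microsoft.graph.user", "id": "u-2", "displayName": "Jane Admin",
     "userPrincipalName": "jane.admin@acme.com",
     "accountEnabled": True, "onPremisesSyncEnabled": True},
    {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp-1",
     "displayName": "Legacy Automation App"},
]

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; against a real tenant use
    # audit_global_admins(fetch_global_admin_members(token)).
    print(json.dumps(audit_global_admins(SAMPLE_MEMBERS), indent=2))
```

On the constructed sample the audit reports two findings: one Global Administrator synced from on-prem AD and one service principal holding the role. The cloud-only break-glass account raises nothing, which is the shape a reviewer wants to see for an emergency-access account.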
