![]() ![]() I'm not sure if there's a way to restrict that or not, so that's where i'm currently stuck. Your Azure Active Directory (Azure AD) organization can turn on two-step verification for your account. ![]() In order for that to be adequate though, I then need to be able to prevent RSAT connections to Active Directory. What I think the only viable solution would be is to set up MFA for access to any Domain Controller in the domain. The first account was the compromised Azure AD Connector account, which had Global Administrator permissions as it was set up for an old solution (DirSync). Install and configure the Microsoft Azure AD Connect tool on the domain controller to connect to Azure AD and synchronize users of on-premise AD to Azure. ![]() I'm not aware of a way to set up any MFA for admin access to Active Directory itself, but I'm all ears if someone knows of a way. Multi-factor authentication is required for the following, including such access provided to 3rd party service providers:Īll internal & remote admin access to directory services (active directory, LDAP, etc.). I have received a "cyber security attestation" document from a major insurance provider and must be able to say yes to all of the items on it as a baseline to receive a policy. I've run into a puzzler and I'm hoping someone can give me a tip on how to solve this. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |