Microsoft will allow Domain Controllers to have an internet connection
Recently, many enterprises have transitioned to cloud-based identity platforms such as Azure Active Directory (AAD) to take advantage of the latest authentication mechanisms such as passwordless sign-in and conditional access.
At the same time, they also phased out the Active Directory (AD) infrastructure. However, other organizations are still using Domain Controllers (DCs) in hybrid or on-premises environments.
What you may not know is that the DC also hosts Active Directory Domain Services (AD DS), which means that if the DC is infected with malicious code, then basically all your accounts and systems are compromised. A few months ago, Microsoft issued a warning about an AD privilege escalation attack.
Microsoft has also provided detailed instructions on how to set up and secure DCs, but it is currently preparing some updates to the process.
Previously, Microsoft emphasized that DCs should not be connected to the internet under any circumstances. With the changing cybersecurity landscape in mind, Microsoft has amended the rule to state that DCs should not have unattended internet access or the ability to run a web browser. In other words, a DC can be connected to the internet as long as that access is tightly controlled with the right protection mechanisms.
For companies using hybrid environments, Microsoft recommends that IT admins at least implement on-premises AD security through Defender for Identity.
Microsoft still recommends that organizations operating in an air-gapped environment do not access the internet for legal and regulatory reasons. Other businesses can consider adding internet connectivity for Domain Controllers if they feel it is necessary and in line with internal policies.
Microsoft further shared that running web browsers on DCs should be limited by technical and policy controls. In addition, internet access to and from DCs in general also needs to be strictly controlled.
Microsoft recommends that all organizations move to a cloud-based approach for identity and access management, and move from Active Directory to Azure Active Directory (Azure AD). Azure AD is a complete cloud identity and access management solution for directory management, allowing access to cloud and on-premises applications, and protecting your computer from security threats.
Share by Jessica Tanner