Microsoft will allow Domain Controllers to be allowed to have an internet connection
Recently, many enterprises have transitioned to cloud-based identity platforms such as Azure Active Dircetory (AAD) to take advantage of the latest authentication mechanisms such as passwordless sign-in and access. conditional.
At the same time, they also phased out the Active Directory (AD) infrastructure. However, other organizations are still using Domain Controllers (DCs) in hybrid or on-premises environments.
What you may not know is that the DC is also capable of Active Directory Domain Services (AD DS), which means that if the DC is infected with malicious code then basically all your accounts and systems are compromised. A few months ago, Microsoft issued a warning about an AD privilege escalation attack.
Microsoft has also provided detailed instructions on how to set up and secure DC, but they are currently preparing some updates to the process.
Previously, Microsoft emphasized that DCs should not be connected to the internet under any circumstances. With the changing cybersecurity landscape in mind, Microsoft has amended the rule that DCs should not have unattended access or the ability to run a web browser. Basically, it is possible to have a DC connected to the internet as long as that access is tightly controlled with the right protection mechanisms.
For companies using hybrid environments, Microsoft recommends that IT admins at least implement on-premises AD security through Defender for Indentity.
Basically, Microsoft still recommends that organizations operating in an air-gapped environment do not access the internet for legal and regulatory reasons. Other businesses can consider adding internet connectivity for Domain Controllers if they feel it's necessary and in line with internal policies.
Microsoft further shared that running web browsers on DCs should be limited by technical and policy controls. In addition, internet access to and from DCs in general also needs to be strictly controlled.
Microsoft recommends that all organizations move to a cloud-based approach for identity and access management, and move from Active Directory to Azure Active Directory (Azure AD). Azure AD is a complete cloud identity and access management solution for directory management, allowing access to cloud and on-premises applications, and protecting your computer from security threats. secret.
You should read it
- Stories behind .unicorn, .ninja and other strange domain names
- Instructions on how to check .vn domain name on VNNIC
- 7 best PS4 gaming controllers
- How to Find Out Who Registered a Domain
- Learn about .io domain names
- What is Domain Hijacking? How dangerous is it?
- This is the most dangerous domain name in the world at the present time, able to access the data of many companies
- List of Internet domain names by country
- 2/3 access on the Internet ... not human
- Instructions for installing Active Directory on Windows Server 2008
- The best, fastest DNS list of Google, VNPT, FPT, Viettel, Singapore
- Turn on / off concurrent connections to both Non-domain network and Domain on Windows 10
Maybe you are interested
When you encounter failure, remember these sayings How ChatGPT boss iris scanning sphere works How to accomplish goals in life How to Use the Theories of Motivation to Keep Yourself Uplifted 19 ideas to decorate warm and creative lights at home at Christmas 20 ideas for making Christmas decorations from spoons, old socks or excess wool