From the Field – Real-World Findings from Security Assessments
🔥 76.2% of infrastructures I've assessed keep privileged groups populated 24/7
And yes – we're back in the 70% range, I skipped them by mistake.
Let's start with the basics:
✅ You don't need to be in Enterprise Admins or Schema Admins 24/7.
✅ You should not use default groups like Server Operators, Account Operators, etc. These sound harmless – but in reality, they often enable escalation paths attackers can exploit.
✅ Review your privileged groups regularly.
✅ Remove any accounts that don't absolutely need to be there.
(⚠️ Don't touch the default AD\Administrator – that's your DR account.)
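The review in the four points above, as an added PowerShell example that is not part of the original post and not the author's AD assessment tool: it enumerates the groups named here plus the other built-in high-privilege groups, resolves nested membership, and flags stale, disabled and Operators-group members while leaving the RID-500 built-in Administrator alone. It assumes the RSAT ActiveDirectory module, English default group names, and a 90-day staleness window (an assumption, not from the post).

```powershell
# Added example (not from the post): privileged-group membership review.
Import-Module ActiveDirectory

# Groups the post calls out, plus the usual high-privilege built-ins.
$PrivilegedGroups = @(
    'Enterprise Admins', 'Schema Admins', 'Domain Admins', 'Administrators',
    'Server Operators', 'Account Operators', 'Backup Operators', 'Print Operators'
)

$Report = foreach ($GroupName in $PrivilegedGroups) {
    # Enterprise/Schema Admins exist only in the forest root; skip silently elsewhere.
    $Group = Get-ADGroup -Filter "Name -eq '$GroupName'"
    if (-not $Group) { continue }

    # -Recursive resolves nested groups, so you see who is *effectively* privileged.
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate, Enabled, PasswordNeverExpires |
        ForEach-Object {
            [pscustomobject]@{
                Group                = $GroupName
                Account              = $_.SamAccountName
                Enabled              = $_.Enabled
                LastLogonDate        = $_.LastLogonDate
                PasswordNeverExpires = $_.PasswordNeverExpires
                # The built-in Administrator always has RID 500; the post says to leave it alone (DR account).
                IsBuiltInAdmin       = ($_.SID.Value -match '-500$')
            }
        }
}

$Report | Sort-Object Group, Account | Format-Table -AutoSize

# Review candidates: disabled or stale accounts still holding membership
# (90 days is an assumed threshold), excluding the built-in Administrator.
$Stale = @($Report | Where-Object {
    -not $_.IsBuiltInAdmin -and
    ( -not $_.Enabled -or
      -not $_.LastLogonDate -or
      $_.LastLogonDate -lt (Get-Date).AddDays(-90) )
})

# Anything at all in the built-in Operators groups deserves a second look.
$Operators = @($Report | Where-Object { $_.Group -like '*Operators' -and -not $_.IsBuiltInAdmin })

"`nStale/disabled privileged members: $($Stale.Count)"
$Stale | Format-Table Group, Account, Enabled, LastLogonDate -AutoSize
"`nMembers of built-in Operators groups (usually should be empty): $($Operators.Count)"
$Operators | Format-Table Group, Account -AutoSize
```

Run it as a regular domain user (reading group membership needs no admin rights) and keep the output with the date: the next review then has a baseline to diff against, and a sudden new Operators-group member stands out immediately.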
You can scan for these misconfigurations using ADProbe – my free and transparent AD assessment tool.
And if you need on-demand privileges, consider implementing Just-in-Time (JIT) access:
🔹 Microsoft PAM for on-prem AD
🔹 Microsoft Entra PIM (for cloud & hybrid environments)
🔹 Or follow Microsoft's manual PIM model (this is quite old)
(I will provide resources for these in the comments)
Usually 3rd-party tools are used; these are just examples from Microsoft – but you can do quite a lot with them.
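What on-prem JIT looks like at the directory level, as an added PowerShell example that is not part of the original post: it uses the Active Directory "Privileged Access Management Feature" optional feature (the forest-level capability that Microsoft's on-prem PAM bastion model builds on) to grant a group membership that expires by itself. It assumes a forest functional level of 2016 or later; the forest name, user and TTL are placeholders.

```powershell
# Added example (not from the post): time-bound group membership as on-prem JIT.
Import-Module ActiveDirectory

$Forest = 'corp.example'          # placeholder forest
$Admin  = 'jdoe'                  # placeholder: the person who needs temporary rights
$Group  = 'Domain Admins'
$Ttl    = New-TimeSpan -Hours 2   # how long the membership lives

# 1. One-time, irreversible forest change: enable the PAM optional feature.
$Feature = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
if (-not $Feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $Feature `
        -Scope ForestOrConfigurationSet -Target $Forest -Confirm:$false
}

# 2. Grant membership with a TTL. AD removes the link automatically when it
#    expires, and the user's Kerberos TGT lifetime is capped by the remaining TTL,
#    so the privilege really does go away instead of lingering in a cached ticket.
Add-ADGroupMember -Identity $Group -Members $Admin -MemberTimeToLive $Ttl

# 3. Verify: temporary members are returned as "<TTL=<seconds>,<DN>>".
(Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive).member |
    Where-Object { $_ -like '<TTL=*' }

# 4. Detection note: the add and the automatic removal still produce the normal
#    group-change audit events (4728/4729 for a global group such as Domain Admins)
#    on the domain controller, so existing alerting on privileged-group changes keeps working.
```

The pattern is the same one the three options above implement with more workflow around it (approval, MFA, a bastion forest or Entra roles); the TTL link is what makes "standing" membership unnecessary even without a third-party product.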
Start small. Review your groups. Then grow into JIT if needed.
Do you use JIT, PAM, or PIM in your org?
