On Tuesday, September 3, 2024, we had the pleasure of welcoming the Dutch Microsoft Entra Community to our office in Amsterdam.
Their Meetups focus on all Microsoft Entra technologies and are designed to share knowledge and experience. Topics covered include Entra ID, Entra ID Governance, Entra Permission Management, Entra Verified ID, Entra External ID, Entra Internet Access, Entra Private Access, and more!
The evening began with a brief welcome, where Jan Bakker, Michel van Vliet, and Pim Jacobs discussed the latest Microsoft Entra features from the past three months. The following sessions came next:
——————————————————————————————-
So You Travelled Back In Time. Reconnecting Mismatching Core Identity Stores!
Speaker: Jorge de Almeida Pinto
With cybercrime on the rise, ransomware attacks that target Active Directory (AD) – the primary identity store for most businesses worldwide – are as common as a cup of coffee. If, like many organizations today, you have a hybrid identity environment that combines AD with Entra ID (formerly known as Azure AD), are you prepared for the worst-case scenario? If your AD was burned to the ground, you hopefully have (at a minimum) backups to perform a forest recovery. But what then? After assessing the security of your AD and mitigating any (critical) risks (you plan to do this, right?), do you simply reconnect and allow synchronization to occur between AD and Entra ID, or do you perform a gap analysis first? Knowing which precautionary measures to take to minimize damage (i.e., impact on user experience and data loss) within Entra ID is of utmost importance!
In this session, we will briefly discuss what the problem is, explain how to perform a gap analysis, and show how to close any gaps it uncovers before reconnecting AD and Entra ID and enabling synchronization.
The remainder of the session will focus on demonstrating how this could be done. The attendees will be guided through the complete process.
In summary, THROUGH A DEMO, attendees will see and learn:
- The next steps to take after a forest recovery
- Which backup to choose and why
- The steps to perform a gap analysis
- The steps to remediate impact
- How to use Entra Connect Sync or Entra Cloud Sync in a scenario like this
——————————————————————————————-
UnOAuthorized: A discovered path to privilege elevation to Global Administrator
Speaker: Eric Woodruff
For customers of Microsoft 365 and Azure, obtaining the role of Global Administrator (GA) is every attacker’s dream – it is the Domain Administrator of the cloud. This makes Global Administrator every organization’s nightmare of being owned by a threat group or hacker. Luckily, well-defined role-based access control and a strict application consent model can severely limit who gets their fingers on Global Administrator – or do they?
This talk explores a novel discovery that resulted in privilege elevation to Global Administrator in Entra ID, found in a place and through a way least expected. Part conversation about the research background, part discussion of the foundational components involved, this talk will walk step-by-step through the path to privilege elevation and obtaining Global Administrator. While Microsoft has resolved the underlying vulnerability, we will cover the markers organizations can look for to determine if they were targeted by this abuse.
After exploring the discovery we will look at ways in which organizations must protect highly privileged service principals integrated into their Entra ID, to ensure they don’t unknowingly create similar paths of privilege elevation.
——————————————————————————————-
After sharing a wealth of knowledge about Microsoft Entra, all attendees enjoyed some well-deserved relaxation with good food, drinks, and sunshine.
Would you like to attend one of the upcoming Dutch Microsoft Entra Community meetups? Click here for more information.