Azure ATP's identity security posture assessments
Typically, organizations of all sizes have limited visibility into whether or not their on-premises apps and services could introduce a security vulnerability to their organization. The problem of limited visibility is especially true with regard to the use of unsupported or outdated components.
While your company may invest significant time and effort in hardening identities and identity infrastructure (such as Active Directory and Active Directory Connect) as an ongoing project, it is easy to remain unaware of common misconfigurations and use of legacy components that represent one of the greatest risks to your organization. Microsoft security research reveals that most identity attacks utilize common misconfigurations in Active Directory and continued use of legacy components (such as the NTLMv1 protocol) to compromise identities and successfully breach your organization. To combat this effectively, Azure ATP now offers proactive identity security posture assessments to detect and suggest improvement actions across your on-premises Active Directory configurations.
What do Azure ATP identity security posture assessments provide?
- Detections and contextual data on known exploitable components and misconfigurations, along with relevant paths for remediation.
- Azure ATP detects not only suspicious activities, but also actively monitors your on-premises identities and identity infrastructure for weak spots, using the existing Azure ATP sensor.
- Accurate assessment reports of your organization's current security posture, enabling quick response and effect monitoring in a continuous cycle.
How do I get started?
Azure ATP security assessments are available using the Microsoft Cloud App Security portal after turning on the Azure ATP integration. To learn how to integrate Azure ATP into Cloud App Security, see Azure ATP integration.
Accessing Azure ATP security assessment reports in Cloud App Security does not require a Cloud App Security license; only an Azure ATP license is required.
Access Azure ATP using Cloud App Security
See the Cloud App Security quick start to familiarize yourself with the basics of using the Cloud App Security portal.
Identity security posture assessments
Azure ATP offers the following identity security posture assessments. Each assessment is a downloadable report with instructions for use and tools for building an action plan to remediate or resolve.
- Domain controllers with Print Spooler service available
- Dormant entities in sensitive groups
- Entities exposing credentials in clear text
- Microsoft LAPS usage
- Legacy protocols usage
- Riskiest lateral movement paths (LMP)
- Unmonitored domain controllers
- Unsecure account attributes
- Unsecure Kerberos delegation
- Unsecure SID History attributes
- Weak cipher usage
To access identity security posture assessments:
- Open the Microsoft Cloud App Security portal.
- Select Investigate from the left menu, then click Identity security posture from the drop-down menu.
- Click the identity security posture assessment you wish to review from the Security assessment reports list that opens.