How Should You Define Active Directory Health?

Let’s admit it! Active Directory health check is a challenge – no matter the company size. Symptoms of Poor Active Directory Health The first indication that your organization’s Active Directory isn’t healthy is when a flood of calls comes to the help desk indicating a potential crisis is brewing. Active Directory works okay even when…

Anonymous Hacker

5 Reasons Why Cyberattackers Love AD Groups

Current research regarding cyberattacks shows that hackers target Groups in Active Directory, Azure AD and Office 365. Why are groups so attacker-friendly. The CrowdStrike 2019 Global Threat Report discusses how long it takes for attackers that have compromised a single endpoint to move laterally within your network. The Russians have the best average time at a little…

Active Directory Group Management

Is Just in Time too much time?

There has been a lot of talk over the past few years on Just In Time provisioning. That is, using an SSO (Single Sign On) platform to create nearly real-time accounts in web-based applications the first time they are used. This increases productivity and reduces the amount of work required for IT workers to create…

0 percent trust security

Why Zero Trust Security Requires Group and Identity Management

The latest trend in security – Zero Trust Security – demands a “never trust, always verify” approach. At the heart of this approach is the requirement that the configuration of identity and associated assigned security is 100% correct. Without this in place, Zero Trust is protecting an insecure environment. If you’re new to Zero Trust,…

office 365

Managing Microsoft 365 (and Office 365) Groups in the Enterprise

The shift to the cloud has many organizations focused on the productivity features available in a given cloud suite. And M365 is no exception. There’s a long list of applications in M365 – a list that’s continually growing. But, Using M365 isn’t just about productivity; it’s also about security and control for IT.  And, like…

Microsoft azure

Directories, How Many Are You Really Managing?

Directories, How Many Are You Really Managing? Directories came from a simpler time – one where a single, on-premise directory was enough. But recent shifts in how businesses leverage technology – such as the digital transformation, and the move to cloud-based applications and infrastructure –  have given way to use of SSO (link), concepts like…

Group Access Card

Groups: Active Directory’s Access Card

RFID access cards are commonplace in many companies. These cards provide access to different sections of the office, often limiting access to the appropriate people, so that not everyone has access to all locations within the building. For example, not everyone has access to the server room. And sometimes, because of this, many of us…

Password Resets via Helpdesk

Password Resets, Self-Service, and Security

I called the bank the other day, and even though I was only asking a simple question, I had to provide the last 4 digits of my social security number, my birthdate, and my verbal password. These security measures are in place in order for the banks to protect the assets they deem critical (which…

Privilege Misuse

The State of Insider and Privilege Misuse, 2016

In several previous articles, this blog has focused on the importance of the relationship between privileges and Active Directory group management. The two go hand-in-hand: if groups aren’t properly managed, permissions tend to get out of control. Given the importance of this relationship, let’s examine the current state of what users are able to do…

Group Vault

The Role of Group Management in PAM Strategy

Privileged Account Management (PAM) is a key part of any security strategy. For those of you who may not be familiar with it, PAM focuses on improving the security of privileged accounts and providing more controlled access to those accounts — from an account with Enterprise Admin rights all the way down to an account…