24 October 2023 - PARIS
5th edition
@IdentityDays
#identitydays2023
Why and how to control local administrator privileges on Windows
Identity Days 2023
Xuan AHEHEHINNOU
Hakim TAOUSSI
Nicolas BONNET
CONFERENCE AGENDA
• Why? What are the risks?
• How to control them?
• Active Directory, Entra ID
• Windows LAPS
• Intune Account protection
• Intune Endpoint Privilege Management
• Conclusion
Xuan AHEHEHINNOU, Microsoft 365 Solution Architect, MCT, @Abalon
Hakim TAOUSSI, Technical Architect, MVP Security, @Insight
Nicolas BONNET, CEO & IT Architect, MVP Enterprise Mobility, @InYourCloud
Why? What are the risks?
The Risks Associated with Local Administrative Privileges
Why Local Admin Privileges?
• Many companies allow their employees to make adjustments to their work computers without involving IT.
• Users generally enjoy the freedom that local admin rights provide.
• However, giving users local admin rights opens holes in your security posture.
Over 90% of the vulnerabilities in Windows arise due to Local Admin rights
• Pass-the-hash attacks and lateral movement.
• A single shared password unlocks the local admin account on every machine.
• Risk of malware entry.
• Bypass security settings, run exploit code.
• …
Why No User Should Have Local Admin Rights
A user with local admin rights, or an attacker impersonating the user, can:
• Change boot and hardware configurations (enable/disable devices, change CPU and memory voltage and frequencies, etc.)
• Modify or delete storage volumes
• Radically simplify malware techniques, such as code injection and DLL hijacking
• Easily gain persistence on a machine with the registry fully open for analysis and modification
• Disable event logging, alter or wipe events
• Disable backup agents or modify backup configurations … and wipe any local backup copy while they’re at it
• Modify shadow copy settings or copy shadow copy (to exfiltrate previously “deleted” data)
• Modify users, add users, add administrative users or hide administrative users from the login menu
• Access every user’s data on the machine and change file and folder owners
• Encrypt the hard drive's master boot record (MBR), in effect a 15-second full-disk ransomware encryption
• Disable or reconfigure existing endpoint security solutions
• Change network settings, add trust zones, set up tunnels or reroute traffic
• Change the domain name system (DNS), hijack the DNS or exfiltrate data through DNS requests
• Modify browser settings or add browser extensions
• Access every secret stored on the machine: in Windows credential providers, in the browser, in PuTTY, in FileZilla or any other program that stores credentials
• Access and modify certificate stores, change trust chains and decrypt any secure communication
• Live off the land luxuriously
• Access, analyze and modify memory content
• Use security services to gain code execution in the Local Security Authority Subsystem Service (LSASS), which can also be used to extract password hashes and Kerberos tickets
• Install ANY non-malicious administrative tool and deploy an arsenal of benign tools (that become the “ultimate attacker toolkit” in the wrong hands) without triggering the antivirus
• Install cryptominer malware to take over the machine’s resources and use them for illicit cryptocurrency mining
• Enable built-in or third-party hardware trackers to locate devices anywhere in the world
• Bypass and/or disable User Account Control (UAC)
• Downgrade drivers, versions and libraries, or force the use of known vulnerable protocols and programs
• Flash firmware to connected devices (e.g., disable the LED on a camera or load modified firmware onto a PLC)
• Access security tokens and encryption keys
• Jump air gaps to access critical operational technology (OT) systems
• …
AV and EDR killers
Cybercriminals have been using "killers" for anti-virus (AV) and Endpoint Detection and Response (EDR) solutions as a way to spread malware while evading detection.
0xHossam/Killer: an AV/EDR evasion tool created to bypass security tools, published for learning purposes
Terminator antivirus killer is a vulnerable Windows driver in disguise
How to control them?
Implementing Least-Privilege Administrative Models
In Active Directory
• Securing & controlling Local Administrator Accounts & Groups
• Configuring GPOs to Restrict Administrator Accounts on Domain-Joined Systems
• Securing & controlling Built-in Administrator Accounts
• Securing Administrators, Domain Admins and Enterprise Admins Groups
• Role-Based Access Controls (RBAC)
• Privileged Identity Management
In Entra ID (formerly Azure Active Directory)
• When you connect a Windows device to Entra ID using an Entra ID join, Entra ID adds the following security principals to the local Administrators group on the device:
  • The Global Administrator role
  • The Microsoft Entra Joined Device Local Administrator role
  • In a BYOD context, the user account performing the Entra ID join
• You can't scope the Microsoft Entra Joined Device Local Administrator role to a specific set of devices.
• Starting with Windows 10 version 20H2, you can use Entra ID groups to manage administrator privileges on Entra ID joined devices with the Local Users and Groups MDM policy.
Eliminate Local Admin Rights Across the Board
Windows LAPS
Manage and back up the password of the local admin on Entra ID joined devices
Some benefits of using Windows LAPS
• Protects computers against pass-the-hash and lateral-traversal attacks
• Improved security for computers joined only to Entra ID
• Ability to sign in to and recover devices that are otherwise inaccessible
• Improved management of the computer through modern management (Intune / Entra ID)
• Use RBAC, PIM and Conditional Access to secure the passwords stored in Entra ID
Windows LAPS (GA)
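The benefits above only hold if the LAPS policy actually reaching the device is sound. The following added example (written for this page, not code from the deck or from Microsoft) assesses the effective Windows LAPS policy on a device and flags settings that weaken it. Assumptions: policy values are read from HKLM:\SOFTWARE\Microsoft\Policies\LAPS (where the LAPS CSP/GPO writes them), unset values fall back to the documented defaults as recalled here, and the age/length thresholds are this example's own choices.

```powershell
# Added example: assess the Windows LAPS policy applied to this device.
# Assumptions: policy key path and documented defaults as noted in the comments;
# thresholds are illustrative. Run elevated on a managed Windows device.

function Get-LapsPolicyAssessment {
    [CmdletBinding()]
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS',
        [int]$MaxPasswordAgeDays = 30,
        [int]$MinPasswordLength = 14,
        [switch]$IncludeRecentEvents
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not (Test-Path -Path $PolicyKey)) {
        $findings.Add('No Windows LAPS policy applied: the local admin password is neither rotated nor backed up.')
        return [pscustomobject]@{ Compliant = $false; Findings = $findings; Policy = $null; RecentEvents = $null }
    }

    $raw = Get-ItemProperty -Path $PolicyKey

    # Return the configured value, or the documented default when the value is absent.
    function Get-Setting([string]$Name, $Default) {
        if ($null -ne $raw.$Name) { $raw.$Name } else { $Default }
    }

    $policy = [ordered]@{
        BackupDirectory              = Get-Setting 'BackupDirectory' 0             # 0 disabled, 1 Entra ID, 2 Active Directory
        PasswordAgeDays              = Get-Setting 'PasswordAgeDays' 30
        PasswordLength               = Get-Setting 'PasswordLength' 14
        PasswordComplexity           = Get-Setting 'PasswordComplexity' 4          # 4 = upper, lower, digits, specials
        AdministratorAccountName     = Get-Setting 'AdministratorAccountName' '(built-in Administrator)'
        PostAuthenticationResetDelay = Get-Setting 'PostAuthenticationResetDelay' 24  # hours
        PostAuthenticationActions    = Get-Setting 'PostAuthenticationActions' 3      # 1 reset, 3 reset+logoff, 5 reset+reboot
    }

    switch ($policy.BackupDirectory) {
        1 { }   # Entra ID: the configuration the slide describes
        2 { $findings.Add('Password is backed up to Active Directory; an Entra ID joined device needs BackupDirectory = 1.') }
        default { $findings.Add('BackupDirectory is 0 (disabled): the password is never backed up, so there is no recovery path.') }
    }
    if ($policy.PasswordAgeDays -gt $MaxPasswordAgeDays) {
        $findings.Add("PasswordAgeDays = $($policy.PasswordAgeDays) exceeds $MaxPasswordAgeDays; a stale password widens the lateral-movement window.")
    }
    if ($policy.PasswordLength -lt $MinPasswordLength) {
        $findings.Add("PasswordLength = $($policy.PasswordLength) is below $MinPasswordLength.")
    }
    if ($policy.PasswordComplexity -lt 4) {
        $findings.Add("PasswordComplexity = $($policy.PasswordComplexity); require 4 (all character classes).")
    }
    if ($policy.PostAuthenticationActions -eq 1) {
        $findings.Add('PostAuthenticationActions only resets the password; sessions opened with the old password are not terminated.')
    }

    $events = $null
    if ($IncludeRecentEvents) {
        # The Windows LAPS operational log records policy processing and backup results.
        $events = Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational' -MaxEvents 10 -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, LevelDisplayName, Message
    }

    [pscustomobject]@{
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
        Policy       = [pscustomobject]$policy
        RecentEvents = $events
    }
}

# Usage:
Get-LapsPolicyAssessment -IncludeRecentEvents | Format-List
```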
Intune Account protection
Account protection policy for endpoint security in Intune
Local user group membership profile: add, remove, or replace members of the built-in local groups on Windows devices
• For example, the Administrators local group has broad rights. You can use this policy to edit the Admin group's membership and lock it down to an explicitly defined set of members.
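Both the Local Users and Groups MDM policy (Entra ID section above) and the Intune Account protection profile here end up pushing the same GroupConfiguration XML to the device. The following added example (written for this page, not code from the deck or from Microsoft) reports who actually holds local admin on a device, flags members outside an allow-list, and builds that XML payload for enforcement. Assumptions: the allow-list is constructed (placeholder Entra ID group SID and UPN), only the Administrators group is handled, and the ADSI fallback is there because Get-LocalGroupMember can fail on orphaned Entra ID SIDs.

```powershell
# Added example: audit local Administrators membership and generate the
# LocalUsersAndGroups policy payload. Assumptions: allow-list values are placeholders.

function Get-LocalAdminMembers {
    # Get-LocalGroupMember can throw on orphaned Entra ID SIDs, so fall back to ADSI.
    try {
        Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop | ForEach-Object {
            [pscustomobject]@{ Name = $_.Name; Sid = $_.SID.Value; Source = [string]$_.PrincipalSource }
        }
    } catch {
        $group = [ADSI]'WinNT://./Administrators,group'
        foreach ($m in @($group.Invoke('Members'))) {
            $path  = [string]$m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
            $bytes = [byte[]]$m.GetType().InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
            [pscustomobject]@{
                Name   = ($path -replace '^WinNT://', '') -replace '/', '\'
                Sid    = ([System.Security.Principal.SecurityIdentifier]::new($bytes, 0)).Value
                Source = 'ADSI'
            }
        }
    }
}

function Get-LocalAdminDrift {
    # Allowed members may be names (DOMAIN\user, AzureAD\upn) or SIDs; anything else is drift.
    param([Parameter(Mandatory)][string[]]$AllowedMembers)
    $allowed = @($AllowedMembers | ForEach-Object { $_.ToLowerInvariant() })
    foreach ($m in Get-LocalAdminMembers) {
        $known = ($allowed -contains $m.Name.ToLowerInvariant()) -or ($allowed -contains $m.Sid.ToLowerInvariant())
        [pscustomobject]@{ Name = $m.Name; Sid = $m.Sid; Source = $m.Source; Unexpected = -not $known }
    }
}

function New-LocalAdminGroupConfiguration {
    # Builds the XML for ./Device/Vendor/MSFT/Policy/Config/LocalUsersAndGroups/Configure.
    # action "R" replaces the membership with exactly the listed principals; "U" adds/removes.
    # With "R", list every principal that must keep access, including break-glass accounts.
    param(
        [Parameter(Mandatory)][string[]]$Members,
        [ValidateSet('U', 'R')][string]$Action = 'R'
    )
    $lines = @('<GroupConfiguration>', '  <accessgroup desc="Administrators">', "    <group action=`"$Action`" />")
    foreach ($m in $Members) {
        $lines += "    <add member=`"$([System.Security.SecurityElement]::Escape($m))`" />"
    }
    $lines += '  </accessgroup>', '</GroupConfiguration>'
    $lines -join "`n"
}

# Constructed allow-list: a placeholder Entra ID group SID and a placeholder admin UPN.
$allowList = @(
    'S-1-12-1-0000000000-0000000000-0000000000-0000000000',   # placeholder: your Entra ID group SID
    'AzureAD\itadmin@contoso.example'                          # placeholder UPN
)
Get-LocalAdminDrift -AllowedMembers $allowList | Format-Table -AutoSize
New-LocalAdminGroupConfiguration -Members $allowList
```

Review the drift report before deploying the "R" payload: every member it flags as unexpected will lose local admin once the policy applies.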
Intune Endpoint Privilege Management (EPM)
Use Intune Endpoint Privilege Management
EPM allows your organization's users to run as a standard user (without administrator rights) and still complete tasks that require elevated privileges.
• Run with elevated access
• File elevation and elevation types
• Automatic elevation rules / user-confirmed rules
• Managed elevations vs. unmanaged elevations
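An elevation rule is only as tight as the attributes it matches on; a rule keyed on file name alone is easy to satisfy with any binary of that name. The following added example (written for this page, not code from the deck or from Microsoft) collects the attributes of one executable that an EPM elevation rule can be scoped to: file hash, signing certificate and version information. Assumptions: the path and certificate output location are placeholders, and the rule field names follow the Intune EPM rule form as understood by the author of this example.

```powershell
# Added example: gather the inputs for a tightly scoped EPM elevation rule.
# Assumptions: paths are placeholders; field names mirror the EPM rule form as understood here.

function Get-EpmRuleInputs {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$CertificateOut      # optional: export the signer .cer for a certificate-based rule
    )
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $vi   = $item.VersionInfo

    if ($sig.Status -ne 'Valid') {
        # Without a valid signature the rule can only pin the hash, which must be
        # updated on every release of the tool.
        Write-Warning "Signature status is '$($sig.Status)'; a hash-only rule will break on the next update."
    }

    if ($CertificateOut -and $sig.SignerCertificate) {
        # DER-encoded .cer, the form used when a rule is tied to a publisher certificate.
        Export-Certificate -Cert $sig.SignerCertificate -FilePath $CertificateOut -Type CERT | Out-Null
    }

    [pscustomobject]@{
        FileName         = $item.Name
        FilePath         = $item.DirectoryName
        FileHashSha256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        SignerThumbprint = $sig.SignerCertificate.Thumbprint
        ProductName      = $vi.ProductName
        InternalName     = $vi.InternalName
        FileDescription  = $vi.FileDescription
        FileVersion      = $vi.FileVersion      # candidate for the rule's minimum version
    }
}

# Usage (placeholder paths):
Get-EpmRuleInputs -Path 'C:\Path\To\tool.exe' -CertificateOut 'C:\Temp\tool-signer.cer' | Format-List
```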
Conclusion
• Remove local admin rights and enforce least privilege to reduce endpoint security vulnerabilities, then elevate end-user privileges on demand, in real time, with little or no helpdesk involvement.
• Block ransomware by tightly controlling application permissions based on fine-grained, conditional business rules. Defend against other threats targeting and originating on endpoints.
• Enhance the user experience by giving the right people and applications the right access to the right resources at the right times.
• Protect Windows and Windows Server endpoints, from hybrid to cloud environments.
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 

How and Why to Control Local Administrator Privileges on Windows?

  • 1. 24 October 2023 - PARIS, 5th edition, @IdentityDays #identitydays2023
  • 2. Why and How to Control Local Administrator Privileges on Windows. Identity Days 2023, 24 October 2023 - PARIS. Speakers: Xuan AHEHEHINNOU, Hakim TAOUSSI, Nicolas BONNET
  • 3. CONFERENCE AGENDA
      • Why? What are the risks?
      • How to control them?
      • Active Directory, Entra ID
      • Windows LAPS
      • Intune Account protection
      • Intune Endpoint Privilege Management
      • Conclusion
    Speakers: Xuan AHEHEHINNOU, Microsoft 365 Solution Architect, MCT, @Abalon; Hakim TAOUSSI, Technical Architect, MVP Security, @Insight; Nicolas BONNET, CEO & IT Architect, MVP Enterprise Mobility, @InYourCloud
  • 4. Why? What are the risks?
  • 5. The Risks Associated with Local Administrative Privileges
    Why local admin privileges?
      • Many companies allow their employees to make adjustments to their work computers without the need for IT involvement.
      • Users generally enjoy the freedom that local admin rights provide.
      • However, giving users local admin rights leaves holes in your cybersecurity.
    Over 90% of the vulnerabilities in Windows arise due to local admin rights:
      • Pass-the-hash attacks and lateral movement.
      • One password to unlock any local admin account.
      • Risk of malware entry.
      • Bypassing security settings, running exploit code.
      • …
  • 6. Why No User Should Have Local Admin Rights?
    A user with local admin rights, or an attacker impersonating the user, can:
      • Change boot and hardware configurations (enable/disable devices, change CPU and memory voltage and frequencies, etc.)
      • Modify or delete storage volumes
      • Radically simplify malware techniques, such as code injection and DLL hijacking
      • Easily gain persistence on a machine with the registry fully open for analysis and modification
      • Disable journaling, alter or wipe events
      • Disable backup agents or modify backup configurations … and wipe any local backup copy while they're at it
      • Modify shadow copy settings or copy shadow copies (to exfiltrate previously "deleted" data)
      • Modify users, add users, add administrative users or hide administrative users from the login menu
      • Access every user's data on the machine and change file and folder owners
      • Encrypt the hard drive master boot record (MBR), also known as a 15-second full-disk ransomware encryption
      • Disable or reconfigure existing endpoint security solutions
      • Change network settings, add trust zones, set up tunnels or reroute traffic
      • Change the domain name system (DNS) settings, hijack DNS or exfiltrate data through DNS requests
      • Modify browser settings or add browser extensions
      • Access every secret stored on the machine: in Windows credential providers, in the browser, in PuTTY, in FileZilla or any other program that stores credentials
      • Access and modify certificate stores, change trust chains and decrypt any secure communication
      • Live off the land luxuriously
      • Access, analyze and modify memory content
      • Use security services to gain code execution in the Local Security Authority Subsystem Service (LSASS), which can also be used to extract password hashes and Kerberos tickets
      • Install ANY non-malicious administrative tool and deploy an arsenal of benign tools (which become the "ultimate attacker toolkit" in the wrong hands) without triggering the antivirus
      • Install cryptominer malware to take over the machine's resources and use them for illicit cryptocurrency mining
      • Enable built-in or third-party hardware trackers to locate devices anywhere in the world
      • Bypass and/or disable User Account Control (UAC)
      • Downgrade drivers, versions and libraries, or force the use of known vulnerable protocols and programs
      • Flash firmware to connected devices (e.g., disable the LED on a camera or load modified firmware onto a PLC)
      • Access security tokens and encryption keys
      • Jump air gaps to access critical operational technology (OT) systems
      • …
  • 7. AV and EDR killers
    Cybercriminals have been using anti-virus (AV) and Endpoint Detection and Response (EDR) "killers" as a method to propagate malware while evading detection. Two examples cited on the slide:
      • 0xHossam/Killer: an AV/EDR evasion tool created to bypass security tools, for learning purposes
      • Terminator antivirus killer is a vulnerable Windows driver in disguise
  • 8. How to control them?
  • 9. Implementing Least-Privilege Administrative Models
    In Active Directory:
      • Securing and controlling local Administrator accounts and groups
      • Configuring GPOs to restrict administrator accounts on domain-joined systems
      • Securing and controlling built-in Administrator accounts
      • Securing the Administrators, Domain Admins and Enterprise Admins groups
      • Role-Based Access Control (RBAC)
      • Privileged Identity Management
    In Entra ID (formerly Azure Active Directory):
      • When you connect a Windows device to Entra ID using an Entra ID join, Entra ID adds the following security principals to the local Administrators group on the device:
          • the Global Administrator role
          • the Microsoft Entra Joined Device Local Administrator role
          • in a BYOD context, the user account performing the Entra ID join
      • You can't scope the Microsoft Entra Joined Device Local Administrator role to a specific set of devices.
      • Starting with Windows 10 version 20H2, you can use Entra ID groups to manage administrator privileges on Entra ID joined devices with the Local Users and Groups MDM policy.
  • 10. Eliminate Local Admin Rights Across the Board
  • 11. Windows LAPS
  • 12. Manage and back up the password of the local admin on Entra ID joined devices
    Cloud Windows LAPS (GA)
    Some benefits of using Windows LAPS:
      • Protects computers against pass-the-hash and lateral-traversal attacks
      • Improved security for computers that are only joined to Entra ID
      • Ability to sign in to and recover devices that are otherwise inaccessible
      • Improved management of the computer with modern management tools (Intune / Entra ID)
      • Use RBAC, PIM and Conditional Access to secure the passwords that are stored in Entra ID
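The following PowerShell is an added example for the Windows LAPS slide above; it is not code from the Identity Days deck. It applies a deliberately weak LAPS policy and then the recommended one to the local policy registry key (the same key GPO and the Intune CSP populate, which makes it handy on a lab machine; in production the policy comes from Intune or GPO), checks the result, forces a policy cycle, and reads the escrowed password back from Entra ID. It assumes a Windows 10/11 device with the Windows LAPS update, the built-in `LAPS` module, the Microsoft Graph PowerShell modules, and a placeholder computer name; the registry value names and their numeric meanings are those documented for the Windows LAPS policy.

```powershell
# Added example (not from the Identity Days slides): configure, check and use Windows LAPS.
# Assumptions: Windows LAPS-capable OS, built-in "LAPS" module, Microsoft.Graph modules
# for the read-back step. Registry names/values follow the documented LAPS policy settings.
#Requires -RunAsAdministrator
$lapsPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS'

# Weak settings a pilot often ships with: short, low-complexity password, rotated rarely,
# and never rotated after use, so a password read once by a technician stays valid for months.
$weakPolicy = @{
    BackupDirectory              = 1   # 0 = disabled, 1 = Entra ID, 2 = Active Directory
    PasswordLength               = 8
    PasswordComplexity           = 3   # upper + lower + digits, no special characters
    PasswordAgeDays              = 90
    PostAuthenticationResetDelay = 0   # 0 = do not rotate after an authenticated use
}

# Recommended settings: long, fully complex, rotated monthly and 24 h after any use,
# with the managed account logged off when the post-use rotation happens.
$recommendedPolicy = @{
    BackupDirectory              = 1
    PasswordLength               = 24
    PasswordComplexity           = 4   # upper + lower + digits + special characters
    PasswordAgeDays              = 30
    PostAuthenticationResetDelay = 24  # hours after a logon with the managed account
    PostAuthenticationActions    = 3   # 1 = reset, 3 = reset + log off, 5 = reset + reboot
}

function Set-LapsLocalPolicy {
    param([Parameter(Mandatory)][hashtable]$Policy)
    if (-not (Test-Path $lapsPolicyKey)) { New-Item -Path $lapsPolicyKey -Force | Out-Null }
    foreach ($entry in $Policy.GetEnumerator()) {
        $type = if ($entry.Value -is [string]) { 'String' } else { 'DWord' }
        Set-ItemProperty -Path $lapsPolicyKey -Name $entry.Key -Value $entry.Value -Type $type
    }
}

function Test-LapsLocalPolicy {
    # Returns one line per setting that is weaker than the recommended baseline; empty = compliant.
    $current = Get-ItemProperty -Path $lapsPolicyKey -ErrorAction SilentlyContinue
    if (-not $current) { return @('LAPS policy key missing: local admin password is unmanaged') }
    $findings = @()
    if ($current.BackupDirectory -eq 0)         { $findings += 'BackupDirectory: LAPS disabled, password never escrowed' }
    if ($current.PasswordLength -lt 15)         { $findings += "PasswordLength: $($current.PasswordLength) < 15" }
    if ($current.PasswordComplexity -lt 4)      { $findings += "PasswordComplexity: $($current.PasswordComplexity) < 4" }
    if ($current.PasswordAgeDays -gt 30)        { $findings += "PasswordAgeDays: $($current.PasswordAgeDays) > 30" }
    if (-not $current.PostAuthenticationResetDelay) { $findings += 'PostAuthenticationResetDelay: no rotation after use' }
    return $findings
}

Set-LapsLocalPolicy -Policy $weakPolicy
Test-LapsLocalPolicy              # four findings
Set-LapsLocalPolicy -Policy $recommendedPolicy
Test-LapsLocalPolicy              # no findings
Invoke-LapsPolicyProcessing       # apply now rather than waiting for the next policy cycle

# Read the escrowed password back (helpdesk/recovery path). Needs the
# DeviceLocalCredential.Read.All Graph permission; grant it through a PIM-eligible role,
# not standing access. 'LAB-PC-01' is a placeholder device name.
Connect-MgGraph -Scopes 'Device.Read.All', 'DeviceLocalCredential.Read.All'
$deviceId = (Get-MgDevice -Filter "displayName eq 'LAB-PC-01'").DeviceId
Get-LapsAADPassword -DeviceIds $deviceId -IncludePasswords -AsPlainText |
    Select-Object DeviceName, Account, Password, PasswordExpirationTime, PasswordUpdateTime
```

For an Active Directory backup target the read-back is `Get-LapsADPassword -Identity LAB-PC-01 -AsPlainText`, and every retrieval is written to the LAPS operational event log on the client and, for Entra ID, to the Graph audit log, which is where a detection for unexpected password reads should look.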
  • 13. Intune Account protection
  • 14. Account protection policy for endpoint security in Intune
    Local user group membership profile: add, remove, or replace members of the built-in local groups on Windows devices.
      • For example, the Administrators local group has broad rights. You can use this policy to edit the Administrators group's membership and lock it down to an explicitly defined set of members.
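The following PowerShell is an added example for the Entra ID part of slide 9 and for the Account protection slide above; it is not code from the Identity Days deck. It audits the local Administrators group against an approved set and then builds the `GroupConfiguration` XML that the Local Users and Groups policy (`./Device/Vendor/MSFT/Policy/Config/LocalUsersAndGroups/Configure`, which the Intune Account protection template fills in for you) expects. It assumes Windows 10 20H2 or later, the built-in `Microsoft.PowerShell.LocalAccounts` module, and placeholder SIDs for the tenant's Entra groups and roles, which you replace with the real values.

```powershell
# Added example (not from the Identity Days slides): audit local Administrators membership and
# produce the LocalUsersAndGroups CSP payload that enforces the approved set.
# Assumptions: Windows 10 20H2+, Microsoft.PowerShell.LocalAccounts, placeholder SIDs below.

# Approved members. Entra groups and roles show up in the local group as S-1-12-1-... SIDs,
# which is also the form the CSP accepts; local accounts can be listed by name.
$approvedMembers = @(
    'Administrator',                         # built-in account (RID 500), managed by Windows LAPS
    'S-1-12-1-PLACEHOLDER-WORKSTATION-ADMINS'  # placeholder: Entra security group "Workstation Admins"
)

function Get-LocalAdminFindings {
    # One object per current member, with Approved = $false for anything outside the allowlist.
    param([Parameter(Mandatory)][string[]]$Approved)
    foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
        $sid  = $m.SID.Value
        # Local accounts are reported as COMPUTER\name; strip the prefix for the name comparison.
        $name = $m.Name -replace ('^' + [regex]::Escape($env:COMPUTERNAME) + '\\'), ''
        $isBuiltInAdmin = $sid -like 'S-1-5-21-*-500'   # RID 500 survives renames, names do not
        [pscustomobject]@{
            Name            = $m.Name
            SID             = $sid
            PrincipalSource = $m.PrincipalSource           # Local, ActiveDirectory, AzureAD, ...
            Approved        = ($Approved -contains $sid) -or
                              ($Approved -contains $name) -or
                              ($isBuiltInAdmin -and $Approved -contains 'Administrator')
        }
    }
}

function New-LocalUsersAndGroupsPayload {
    # Builds the XML for the LocalUsersAndGroups/Configure policy.
    # action "R" (Restrict) replaces the whole membership with the listed members, which is what
    # "lock it down to an explicitly defined set" means; action "U" (Update) only adds or removes
    # the listed members and leaves every other existing administrator in place.
    param(
        [Parameter(Mandatory)][string[]]$Members,
        [ValidateSet('R', 'U')][string]$Action = 'R'
    )
    $doc   = [xml]'<GroupConfiguration/>'
    $group = $doc.CreateElement('accessgroup')
    $group.SetAttribute('desc', 'Administrators')
    $mode = $doc.CreateElement('group')
    $mode.SetAttribute('action', $Action)
    $group.AppendChild($mode) | Out-Null
    foreach ($member in $Members) {
        $add = $doc.CreateElement('add')
        $add.SetAttribute('member', $member)     # CreateElement/SetAttribute escape for us
        $group.AppendChild($add) | Out-Null
    }
    $doc.DocumentElement.AppendChild($group) | Out-Null
    return $doc.OuterXml
}

$report = Get-LocalAdminFindings -Approved $approvedMembers
$report | Format-Table -AutoSize
$unexpected = @($report | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) unapproved member(s) of Administrators on $env:COMPUTERNAME"
}

# Payload in Restrict mode: deploy through the Account protection template or a custom OMA-URI.
New-LocalUsersAndGroupsPayload -Members $approvedMembers -Action 'R'
```

On a freshly Entra-joined device the report typically shows the Global Administrator role SID, the Entra Joined Device Local Administrator role SID and the joining user, all flagged as unapproved, which is the state slide 9 warns about; the Restrict payload removes them and keeps only the listed members. Use Update mode when you want to add a group without touching the rest, but note that it will not undo what an earlier join left behind.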
  • 15. Intune Endpoint Privilege Management (EPM)
  • 16. Use Intune Endpoint Privilege Management
    EPM allows your organization's users to run as standard users (without administrator rights) and still complete tasks that require elevated privileges.
      • Run with elevated access
      • File elevation and elevation types
      • Automatic elevation rules / user-confirmed rules
      • Managed elevations vs. unmanaged elevations
  • 17. CONCLUSION
  • 18. Conclusion
      • Remove local admin rights and enforce least privilege to reduce endpoint security vulnerabilities, then elevate end-user privileges on demand, in real time, with little or no helpdesk involvement.
      • Block ransomware by tightly controlling application permissions based on fine-grained, conditional business rules. Defend against other threats targeting and originating on endpoints.
      • Enhance the user experience by giving the right people and applications the right access to the right resources at the right times.
      • Protect Windows and Windows Server endpoints, from hybrid to cloud environments.
  • 19. @IdentityDays #identitydays2023