conférences
BSides Paris 2024
- 4 avril 2024
- 16h50
- Auditorium
Best Practices for Resynchronizing AD and Entra ID After Forest Recovery
Par Jorge de Almeida Pinto
Session en anglais
With cybercrime on the rise, ransomware attacks that target Active Directory (AD) – the primary identity store for most businesses worldwide – are as common as a cup of coffee. If, like many organizations today, you have a hybrid identity environment that combines AD with Entra ID (formerly known as Azure AD), are you prepared for the worst-case scenario? If your AD was burned to the ground, you hopefully have (at a minimum) backups to perform a forest recovery.
But what then? After assessing the security of your AD and mitigating any (critical) risks (you plan to do this right?), do you simply reconnect and allow synchronization to occur between AD and Entra ID, or do you perform a GAP analysis first? Knowing which precautionary measures to take to minimize damage (i.e., impact of user experience and data loss) within Entra ID is of utmost importance!
In this session, we will discuss what the problem is, explain how to perform a GAP analysis and also how to close any disclosed GAPs before reconnecting AD and Entra ID and enabling synchronization. Last but not least, we will also explain the differences between the usage of Entra AD Connect Sync (formerly known as Azure AD Connect Sync) and Entra Cloud Sync (formerly known as Azure AD Cloud Sync).
• Learn the basic next steps to take after a forest recovery
• Learn which backup to choose and why
• Learn the steps to perform a gap analysis
• Learn the steps to remediate impact
• Learn how to use Entra Connect Sync or Entra Cloud Sync in a scenario like this
Jorge de Almeida Pinto
Jorge de Almeida Pinto, a Semperis Solutions Architect and Senior Incident Response Lead, helps customers proactively and reactively to be and remain secure.
He has been a Microsoft MVP since 2006, and has a specific focus on designing, implementing, securing and recovering Microsoft Identity & Access Management (IAM) technologies.
Throughout the years, his experience includes work with Active Directory (AD), Active Directory Federation Services (ADFS), Microsoft Entra ID (EID) (a.k.a. Azure Active Directory), Entra Connect/Cloud Sync, Microsoft Identity Manager (MIM), and developing (security-related) scripts.
Big thanks
Nos sponsors 2024
L’organisation de cette première édition du BSides Paris serait impossible sans le soutien de nos partenaires.
Vous êtes un acteur du monde de la cybersécurité et souhaitez sponsoriser l’événement BSides Paris ? Contactez-nous !