Azure & Azure AD Security Assessment
With Microsoft Azure Active Directory (Azure AD) as its central identity and access management (IAM) component, Azure is currently widely used in Germany. Its integration with Office 365 strongly promotes this. Even companies that don’t actually use cloud infrastructure, but do use Office 365, use Azure AD to allow their users to log into cloud services with their internal credentials. This relies on Azure AD Connect, which synchronizes the local Active Directory with Azure AD. While this offers great advantages and simplifications for the company’s own users, it also creates points of attack that would not have existed without this connection: all of a sudden, there are portals on the Internet where users can log in with their actual internal logins and access cloud services such as Exchange Online, SharePoint or OneDrive. Many of these new points of attack are not obvious at first glance. Protective measures must therefore be explicitly configured to prevent attacks such as password spraying or credential stuffing.
But even the configuration of Azure AD Connect raises important questions that have a significant impact on the security of Azure AD and the connected on-premises AD. Should it be password hash synchronization, pass-through authentication or Active Directory Federation Services (ADFS)? Each of these options has its own advantages and disadvantages, especially from a security perspective. If you aren’t sure which one makes the most sense for you, we will be happy to help you with our security consulting services.
It is not only Azure AD that has security implications; the management of Azure resources does as well. It is not without reason that the Center for Internet Security (CIS) has published a CIS Microsoft Azure Foundations Benchmark, which is more than 300 pages long. NSIDE ATTACK LOGIC GmbH uses this benchmark as a basis in an Azure Security Assessment to combine Microsoft recommendations with your respective requirements and thus develop a meaningful, prioritized list of security deficiencies. Together with explanations as well as detailed and concrete recommendations for action, this quickly helps to improve the security of your cloud connection and supports you in making considered decisions.