May 2019
Intermediate to advanced
620 pages
21h 41m
English
Content preview from Active Directory Administration Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
How it works...
Using Authentication Policies and Authentication Policy Silos is a perfect way to set the scene for Microsoft's Privileged Access Workstation strategy to prevent people from signing in with their privileged account to devices other than their secure ones. This way, lateral movement toward admin (cached) credentials is hugely limited, benefiting the overall security posture of the organization.
Authentication Policies define policies, but do not assign these policies to accounts. Authentication Policy Silos assign policies to accounts. An Authentication Policy can be assigned through many Authentication Policy Silos, as the policies need to be the same, but for different audiences of accounts.
When a person tries to log on ...