How it works...
Using Authentication Policies and Authentication Policy Silos is a perfect way to set the scene for Microsoft's Privileged Access Workstation strategy to prevent people from signing in with their privileged account to devices other than their secure ones. This way, lateral movement toward admin (cached) credentials is hugely limited, benefiting the overall security posture of the organization.
Authentication Policies define policies, but do not assign these policies to accounts. Authentication Policy Silos assign policies to accounts. An Authentication Policy can be assigned through many Authentication Policy Silos, as the policies need to be the same, but for different audiences of accounts.
When a person tries to log on ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access