
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations using recommended practices. This blog post assumes all Web Application Proxies, AD FS servers and Azure AD Connect installations run Windows Server 2016. Hardening provides additional layers to a defense-in-depth approach: it changes the default behavior of products and services to make them more resilient to unauthorized changes and compromise.

Protocols, cipher suites and hashing algorithms are used to encrypt communications in every Hybrid Identity implementation. Typically, the ciphers and algorithms to use are negotiated between both ends of a communications channel, and the purpose is to end up with the most secure protocols, cipher suites and hashing algorithms that both ends support. To make sure the strongest ciphers and algorithms are used, it’s important to disable the ciphers and algorithms you no longer want to see used. Microsoft recommends that organizations use strong protocols, cipher suites and hashing algorithms, and for Azure Active Directory, Microsoft regularly changes the negotiation settings on their systems to avoid downgrades in encryption standards.

Possible negative impact (What could go wrong?)

When the systems of a Hybrid Identity implementation are improperly hardened, there will be no communication between Azure Active Directory and the systems of the implementation, and/or between the systems of the Hybrid Identity implementation themselves. This may affect authentications directly when AD FS or Pass-through Authentication is used as the authentication method in the Hybrid Identity implementation, and may cause diminished functionality when Password Hash Sync (PHS) is used as the authentication method. It may also cause certificates to expire, monitoring to halt and/or backups to fail, and admins may no longer be able to (remotely) manage the systems.
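As an added example (PowerShell written for this page, not code from the original post), the script below audits the SCHANNEL protocol registry state on a Windows Server 2016 AD FS, Web Application Proxy or Azure AD Connect host and writes changes only when run with -Apply, so the "what could go wrong" scenario above can be checked on one server before the change is rolled out. The target policy it enforces (TLS 1.2 kept on, SSL 3.0/TLS 1.0/TLS 1.1 explicitly off, plus the .NET Framework SchUseStrongCrypto and SystemDefaultTlsVersions switches that managed code such as AD FS and Azure AD Connect honour) is this example’s assumption, not a setting the post specifies; cipher suites and hashing algorithms are left for a later step.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Apply)

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# Desired state (assumption of this example): $true = keep enabled, $false = disable
$Policy = @{ 'SSL 3.0' = $false; 'TLS 1.0' = $false; 'TLS 1.1' = $false; 'TLS 1.2' = $true }

function Get-ProtocolState {
    # One row per protocol and role; absent values mean "OS default" for that build.
    foreach ($proto in ($Policy.Keys | Sort-Object)) {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path $SchannelRoot "$proto\$role"
            $enabled = $null; $disabledByDefault = $null
            if (Test-Path $key) {
                $p = Get-ItemProperty -Path $key
                $enabled = $p.Enabled; $disabledByDefault = $p.DisabledByDefault
            }
            # A protocol we want off is compliant only when it is explicitly disabled.
            if ($Policy[$proto]) { $ok = $enabled -ne 0 }
            else { $ok = ($enabled -eq 0) -and ($disabledByDefault -eq 1) }
            [pscustomobject]@{ Protocol = $proto; Role = $role; Enabled = $enabled
                DisabledByDefault = $disabledByDefault; Wanted = $Policy[$proto]; Compliant = $ok }
        }
    }
}

function Set-ProtocolState {
    [CmdletBinding(SupportsShouldProcess)] param()
    foreach ($row in (Get-ProtocolState | Where-Object { -not $_.Compliant })) {
        $key = Join-Path $SchannelRoot "$($row.Protocol)\$($row.Role)"
        $enabledValue = if ($row.Wanted) { 1 } else { 0 }
        if ($PSCmdlet.ShouldProcess($key, "Enabled=$enabledValue DisabledByDefault=$(1 - $enabledValue)")) {
            New-Item -Path $key -Force | Out-Null
            New-ItemProperty -Path $key -Name Enabled -Value $enabledValue -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -Value (1 - $enabledValue) -PropertyType DWord -Force | Out-Null
        }
    }
    # .NET Framework switches so managed code (AD FS, Azure AD Connect) follows the OS protocol list.
    foreach ($net in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
        if ($PSCmdlet.ShouldProcess($net, 'SchUseStrongCrypto=1 SystemDefaultTlsVersions=1')) {
            New-ItemProperty -Path $net -Name SchUseStrongCrypto -Value 1 -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $net -Name SystemDefaultTlsVersions -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
}

Get-ProtocolState | Format-Table -AutoSize   # audit first; nothing is written without -Apply
if ($Apply) { Set-ProtocolState }
```

Run it from an elevated session; SCHANNEL reads these values at boot, so a reboot is needed before the audit reflects the effective state, and -Apply -WhatIf previews every registry write without making it.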
