Please have a look also at Plan a passwordless authentication deployment with Azure AD | Microsoft Docs. The solution is today present : the use a security key (FIDO2) : Passwordless security key sign-in to on-premises resources - Azure Active Directory | Microsoft Docs.
Many customers asked me, after they have used Azure/Office 365 MFA: is it possible to use something like that to log on to the domain/on prem resources. No direct or indirect guarantee is given, and this cannot be considered official documentation. It’s up to you to integer this work into your security posture and evaluate impacts. I am not here to discuss if this document in any parts adhere to all principles and best practices of a secure administration environment, I just want to show a feature as a proof of concept. Obtain above with a sort of simplicity and costs control. Connect to Domain Controller thorough RDP form the PAW using SSO (Single Sign On). Same credential can be used on prem and in cloud (if needed). Have only one identity with one strong credential. Have the ability to use multiple PAWs (privileged access workstation) with same MFA credential. :max_bytes(150000):strip_icc()/MS_Authenticator6-d84b6016b0d54cca86b9896114f1ddf3.jpg "setup ms authenticator")
Eradicate from the domain the password presence for those privileged accounts (make impossible to use a password to log on to domain to prevent some king of password attacks).Use that solution to protect privileged accounts passwords.
Configure a modern MFA solution to access on prem Windows 10 PC.I am here just to demonstrate that today is technically possible (Proof of Concept):
0 kommentar(er)
