Hybrid AD Security: Everything to Know about Passwords in Azure and On-Prem Active Directory

Webinar Registration

Password security has been through quite an evolution over the past 20 years. Back in the NT days and the dawning of the Internet, it was all about password hashes and how easy it was to obtain them in the first place and then crack them. And we believed that there was such a thing as “password complexity” and that beyond its existence it had a lot of value. 

Today passwords are still a thing and very important to security but the risk landscape has shifted a lot. The bad guys understand the real issues around security and those of us on the defense side are slow to catch up. Case in point is the NIST SP 800-63B. It’s been out almost 5 years now but it seems like few organizations have changed their policies to reflect the revolutionary conclusions reached in 800-63B. Whereas on the offense side, the bad guys have innovated new ways to exploit the intrinsically human side of passwords with techniques like password spraying and credential stuffing.

In this real training for free session, we are going to do a deep dive into how password security works in the hybrid AD environment that most of us find ourselves trying to protect today. We are going to look at the technical issues of passwords:

  • Hashing
  • Synchronization
  • Protection
  • Detection
  • Policy
  • Lockout

Azure AD Connect and Azure AD Password Protection are 2 key technologies that feature prominently in this discussion. We’ll help you understand how local AD password hashing works, on-prem risks of password hashing such as pass-the-hash and then how passwords and hashing works up in Azure AD. Finally, we’ll explore password hash synchronization from on-prem AD up to Azure and, potentially, back down to on-prem.

But we are going to look at all of this in the light of a modern understanding of the real issues of password security using guidance like SP 800-63B to explain why policies requiring long passwords or a wide variety of characters may actually be damaging to your security and why it’s better to be doing things like compromised password detection, custom password dictionary, blocking of username derivatives, fuzzy matching with common character substitutions, and continuous ongoing monitoring.

Enzoic is the perfect sponsor for this real training for free session and Josh Horwitz will join me for the discussion and briefly show you how their unique technology helps you deal with the real risks of passwords today.

Please join us!

First Name:   
Last Name:   
Work Email:  
Job Title:  

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources