
Monitoring Active Directory: Both Azure AD and On-Premise AD – and How Synchronization and Federation Play In

© 2016 Monterey Technology Group Inc.


Preview of key points

• Today’s hybrid Active Directory environment
• On-Prem AD
• Azure AD
• Synchronization with Azure AD Connect
• Federation
• Audit log management
  • On prem
  • Cloud
• Connecting it all together
• Enterprise audit and monitoring for the entire hybrid environment

Active Directory in today’s hybrid environment

[Diagram: Azure AD Connect]

On-Prem AD auditing

• System level
  • Windows
  • Audit policies
  • User rights management
  • Security policies
  • System operations
  • Logons
  • Audit categories
    • All except those below
• Active Directory
  • Users, groups, computers, OUs, Group Policy Objects
  • Audit categories
    • Account Management
    • Directory Service Access
    • Directory Service Changes
  • Destination
    • Security log on each domain controller

[Diagram: domain controllers and their local Security Logs (Windows Security Log, AD). Callouts: Account Management (user management, group management, computer management); Directory Service categories (Audit Directory Changes); audit policies (user management, group management, computer management, all others)]

Azure AD auditing

• System level
  • Not applicable
• Active Directory
  • Users, groups, computers
  • Audit categories
    • Not applicable – on by default
  • Destination
    • Initial
    • Graph API
    • All Azure events
    • Office 365 Unified Audit Log
    • Azure AD events

[Diagram: Azure Active Directory, Graph API, O365 Mgt Activity API]

Do you need to audit Azure AD?

• In almost all cases you are synchronizing on-prem AD to Azure AD
• So if Azure AD is just a projection of on-prem AD, why monitor?
• Synch’d objects from on-prem are only a subset of the objects in Azure AD
  • Including very important tenant admin accounts
• Creating a blind spot against one of the most important risks
  • Intruder gains privileged access to your tenant

[Diagram: Objects, Sync'd Objects]
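The blind spot described on this slide, worked through as an added example (not from the original presentation): it classifies a constructed account inventory by whether on-prem domain controller Security logs can show changes to each object. The field names `synced` and `roles`, the account names and the role names are assumptions made for the example.

```python
# Constructed sample inventory of Azure AD accounts (not real data).
# Assumed fields for this example: "synced" is True when Azure AD Connect
# projected the object from on-prem AD; "roles" lists tenant directory roles.
ACCOUNTS = [
    {"upn": "alice@example.com", "synced": True, "roles": []},
    {"upn": "bob@example.com", "synced": True, "roles": ["Helpdesk Administrator"]},
    {"upn": "admin@example.onmicrosoft.com", "synced": False,
     "roles": ["Global Administrator"]},
    {"upn": "breakglass@example.onmicrosoft.com", "roles": ["Global Administrator"]},
    {"upn": "svc-report@example.onmicrosoft.com", "synced": False, "roles": []},
]


def blind_spots(accounts):
    """Classify accounts by what on-prem DC Security logs can and cannot show."""
    report = {"covered_on_prem": [], "cloud_only": [],
              "cloud_only_privileged": [], "synced_with_tenant_role": []}
    for acct in accounts:
        upn = acct["upn"]
        roles = acct.get("roles") or []
        # Fail closed: a missing or non-True sync flag counts as cloud-only.
        if acct.get("synced") is True:
            report["covered_on_prem"].append(upn)
            if roles:
                # The account is audited on-prem, but its tenant role
                # assignment exists only in Azure AD.
                report["synced_with_tenant_role"].append(upn)
        else:
            report["cloud_only"].append(upn)
            if roles:
                report["cloud_only_privileged"].append(upn)
    return {key: sorted(value) for key, value in report.items()}


if __name__ == "__main__":
    for category, upns in blind_spots(ACCOUNTS).items():
        print(f"{category}: {', '.join(upns) or '-'}")
```

Accounts listed under `cloud_only_privileged` are the ones whose changes appear only in the Azure AD audit log, so they are the first candidates for cloud-side alerting.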

How does federation affect the story?

• Federation
  • ADFS, et al
  • Centralizes more of your authentication/logon audit log
  • Provides a central chokepoint at which
    • Enforce policies
    • Observe access patterns and anomalies
    • Deny access
• Federation impacts authentication not account management and directory security
• You still have
  • On-prem AD
  • Azure AD
• Both can still suffer harm from mistakes, unauthorized changes and intrusion

[Diagram: Objects, Sync'd Objects]

Audit log management

• On-Prem Active Directory
  • Audit policy management
  • Log collection
  • Interpreting events

[Diagram: domain controllers and their local Security Logs (Windows Security Log, AD)]

Audit log management

• Azure AD
  • Audit policy management
  • Log collection
    • Office 365 Management Activity API
    • Azure Graph API
  • Interpreting events

[Diagram: Azure Active Directory, Graph API, O365 Mgt Activity API]

The big picture

[Diagram: Attacks]

Bottom line

• Active Directory is the foundation of security
  • On-prem
  • In the cloud
• Impossible to be compliant and secure without monitoring it
  • On-prem
  • In the cloud
• On-prem AD and Azure AD both do a fair job of generating audit events
• But what about
  • Collection
  • Search
  • Reporting
  • Secure archival
  • Correlation
  • Alerting
• Check out Netwrix

About Netwrix Auditor

Netwrix Auditor: A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.

Netwrix Auditor Applications

Netwrix Auditor Platform

• Netwrix Auditor for Active Directory
• Netwrix Auditor for Azure AD
• Netwrix Auditor for Exchange
• Netwrix Auditor for Office 365
• Netwrix Auditor for Windows File Servers
• Netwrix Auditor for EMC
• Netwrix Auditor for NetApp
• Netwrix Auditor for SharePoint
• Netwrix Auditor for Oracle Database
• Netwrix Auditor for SQL Server
• Netwrix Auditor for Windows Server
• Netwrix Auditor for VMware

Why Netwrix Auditor?

• Sharp focus on visibility and governance
• Broadest coverage of on-premises and cloud systems
• Truly integrated as opposed to multiple hard-to-integrate standalone tools from other vendors
• Noise-free security analytics
• Non-intrusive architecture
• API-enabled ecosystem integrations
• Cost-effective two-tiered storage (file-based + SQL database) holding consolidated audit data for more than 10 years
• Fast, 15-minute deployment, with no professional services required

Next Steps

• Free Trial: setup in your own test environment
• Virtual Appliance: get Netwrix Auditor up and running in minutes: netwrix.com/go/appliance
• Test Drive: virtual POC, try in a Netwrix-hosted test lab