TR26-06

A new two-day workshop in english.

Entra ID Security Essentials: Authentication and Privileged Access

Your trainers are Lennart Brauns & Heinrich Wiederkehr.

 

Overview

With the push of different cloud technologies, companies require a place to centrally manage authentication and authorization to cloud services. Entra ID can act as one of these places and - as an identity provider - fundamentally changes how users authenticate and access resources compared to traditional on-premises environments. Administrators and security personnel need to be aware of these changes as well as new challenges that come with these changes to effectively secure Entra ID.

 

What complicates things is that adversaries are also aware of these changes and show an increased use of tactics and techniques to exploit gaps – such as configuration vulnerabilities – in the existing cloud protection. CrowdStrike’s Global Threat Report 2024 shows that the number of cloud-conscious cases (where adversaries were aware of cloud
access) increased by 110% year over year while successful intrusions into cloud environments increased by 75% year over year (2022 to 2023). This trend can also be seen in the ongoing focus of adversaries on identity-based and social engineering attacks (e.g., phishing) targeting account credentials, session cookies and tokens, as well as one-time passwords to gain legitimate access to Entra ID and other cloud environments.

 

This raises the relevant question: what can you do to protect your Entra ID users and the resources they access? This intensive two-day training aims to give you an overview over how Entra ID functions, how adversaries attack Entra ID, and how to protect against these attacks. Throughout the training we give you current, actionable recommendations to protect your own Entra ID tenant.

 

The training covers the following topics:

• Overview of access management in Entra ID
• Relationships between Entra ID, Microsoft 365, and Microsoft Azure
• Basics and functionality of multifactor authentication in Entra ID
• Basics and functionality of the OpenID Connect authentication protocol
• Basics and functionality of Conditional Access and Continuous Access Evaluation
• Attacks on credentials and privilege escalation in Entra ID
• Secure management of roles, permissions, and applications in Entra IDt

Day 1

 

• Introduction
  • First Cloud Items
  • Challenges in the Cloud
  • Entra ID in a Nutshell
  • Breaking Identities
• Multi-Factor Authentication in Entra ID
  • Bad Methods
  • Better Methods
  • Passwordless Methods
  • Pitfalls of MFA Administration
• Authentication & Authorization Deep Dive
  • Modern Authentication Fundamentals
  • Token Types and Token Usage
  • Role of Global Token Signing Keys
  • Stealing & Reusing Tokens
  • Detection of Stolen Tokens
  • Authentication & Zero Trust Principles
• Conditional Access & Conditional Access Evaluation Deep Dive
• Areas of Access Management
  • Entra ID Roles
  • Microsoft 365 Roles
  • Azure Roles
  • API Permissions & Applications
• Practical Exercises for Attacking Entra ID

Day 2

• Privileged Access Management Pitfalls
  • Management of Administrative Accounts
  • Management of Emergency Access Accounts
  • Delegation of Permissions via Security Groups
  • Management of Entra ID Roles
  • Entra ID Privileged Identity Management
  • Azure Resource Shadow Administrators
  • Service Principals & Illicit Consent Grant
  • Partner Relationships
• External Access & Collaboration
  • Types of Collaboration
  • Guest Account Types
  • External User Authentication Flow
  • External Collaboration Settings
  • Cross-Tenant Access Settings
• Identity Synchronization
  • Authentication Options for Hybrid Identities
  • Basics of Entra Connect Sync
  • Attacking Entra Connect
• Enterprise Access Model
  • Gaps in Microsoft’s Recommendations
  • Additional Resources for Designing and Implementing Privileged Access

 

 

Who should attend this training?

The training is intended for the following audiences:

• Technical staff responsible for the secure operation of Entra and Entra ID
• Technical staff responsible for hybrid environments with Entra ID
• Cloud architects with a focus on Microsoft Cloud in general and Entra in particular
• Project managers with a focus on Microsoft Cloud in general and Entra in particular
• IT security managers (including in small and medium-sized companies)

 

Requirements

The attendees should have:

• Basic knowledge of cloud technologies, Windows operating systems, as well as Active Directory; no expert knowledge required.
• For access to the training lab environment: availability of an HTML5-capable browser that allows unfiltered access via HTTPS

 

About the trainers:

Lennart Brauns is a Security Consultant with the Microsoft Security Team at ERNW Enno Rey Netzwerke GmbH. Starting his career as a systems-engineer in critical infrastructure he gained comprehensive knowledge and experience in Windows Active Directory, Microsoft Azure and Microsoft 365. Today his work is mainly focussed on security audits and pentests of enterprise environments.

 

 

Heinrich Wiederkehr is a Senior Security Consultant at ERNW Enno Rey Netzwerke GmbH and his focus lies on the assessment and evaluation of security-relevant areas in Windows-based environments, as well as the creation of related concepts and documentation. In addition to his work in audits and pentests of large enterprise networks with emphasis on Active Directory and the Windows operating system, he is also responsible for security trainings and talks. A multitude of projects for customers from different industry branches gives him a solid feeling for practical realities and an eye for essentials.