Entra ID Security Essentials

With the push toward different cloud technologies, companies need a central place to manage authentication and authorization for cloud services. Entra ID can serve as one such place and, as an identity provider, fundamentally changes how users authenticate and access resources compared to traditional on-premises environments. To secure Entra ID effectively, administrators and security personnel need to be aware of these changes and of the new challenges that come with them.

What complicates things is that adversaries are also aware of these changes and show an increased use of tactics and techniques to exploit gaps – such as configuration vulnerabilities – in the existing cloud protection. CrowdStrike’s Global Threat Report 2024 shows that the number of cloud-conscious cases (where adversaries were aware of cloud access) increased by 110% year over year while successful intrusions into cloud environments increased by 75% year over year (2022 to 2023). This trend can also be seen in the ongoing focus of adversaries on identity-based and social engineering attacks (e.g., phishing) targeting account credentials, session cookies and tokens, as well as one-time passwords to gain legitimate access to Entra ID and other cloud environments.

This raises the relevant question: what can you do to protect your Entra ID users and the resources they access? This intensive two-day training aims to give you an overview of how Entra ID functions, how adversaries attack Entra ID, and how to protect against these attacks. Throughout the training we give you current, actionable recommendations to protect your own Entra ID tenant.

The training covers the following topics:

  • Overview of access management in Entra ID
  • Relationships between Entra ID, Microsoft 365, and Microsoft Azure
  • Basics and functionality of multifactor authentication in Entra ID
  • Basics and functionality of the OpenID Connect authentication protocol
  • Basics and functionality of Conditional Access and Continuous Access Evaluation
  • Attacks on credentials and privilege escalation in Entra ID
  • Secure management of roles, permissions, and applications in Entra ID

Day 1:

  • Introduction
    • First Cloud Items
    • Challenges in the Cloud
    • Entra ID in a Nutshell
    • Breaking Identities
  • Multi-Factor Authentication in Entra ID
    • Bad Methods
    • Better Methods
    • Passwordless Methods
    • Pitfalls of MFA Administration
  • Authentication & Authorization Deep Dive
    • Modern Authentication Fundamentals
    • Token Types and Token Usage
    • Role of Global Token Signing Keys
    • Stealing & Reusing Tokens
    • Detection of Stolen Tokens
    • Authentication & Zero Trust Principles
    • Conditional Access & Continuous Access Evaluation Deep Dive
    • Areas of Access Management
    • Entra ID Roles
    • Microsoft 365 Roles
    • Azure Roles
    • API Permissions & Applications
  • Practical Exercises for Attacking Entra ID

Day 2:

  • Privileged Access Management Pitfalls
    • Management of Administrative Accounts
    • Management of Emergency Access Accounts
    • Delegation of Permissions via Security Groups
    • Management of Entra ID Roles
    • Entra ID Privileged Identity Management
    • Azure Resource Shadow Administrators
    • Service Principals & Illicit Consent Grant
    • Partner Relationships
  • External Access & Collaboration
    • Types of Collaboration
    • Guest Account Types
    • External User Authentication Flow
    • External Collaboration Settings
    • Cross-Tenant Access Settings
    • Identity Synchronization
    • Authentication Options for Hybrid Identities
    • Basics of Entra Connect Sync
    • Attacking Entra Connect
  • Enterprise Access Model
    • Gaps in Microsoft’s Recommendations
    • Additional Resources for Designing and Implementing Privileged Access

Target Audience:

The training is intended for the following audiences:

  • Technical staff responsible for the secure operation of Entra and Entra ID
  • Technical staff responsible for hybrid environments with Entra ID
  • Cloud architects with a focus on Microsoft Cloud in general and Entra in particular
  • Project managers with a focus on Microsoft Cloud in general and Entra in particular
  • IT security managers (including in small and medium-sized companies)

Prerequisites:

  • Basic knowledge of cloud technologies, Windows operating systems, as well as Active Directory; no expert knowledge required.

About the Speakers