In this paper we are mainly focusing on the following scenario:

- Attacking an administrative account with a directory role assignment to "Hybrid Identity Administrator", which is used for managing Azure AD Connect configurations.
- Abusing the Azure AD user "On-Premises Directory Synchronization Service Account", which is used to synchronize objects from the Azure AD Connect (AADC) server (on-premises AD) to Azure AD.

Out of scope are privilege escalation and attack paths from the AADC server in the direction of Active Directory (incl. abuse of the Azure AD DS connector account).

The paper covers the following attack scenarios, detections and mitigations:

- Attack scenarios:
  - Password spray attacks against the Azure AD connector account.
  - Takeover of the Azure AD connector account by generating a Temporary Access Pass (TAP) as a backdoor.
  - Suspicious activities from the Azure AD connector account.
- Detections:
  - Security insights from the Azure AD Connect server.
  - Local application and system events from the Azure AD Connect server.
  - Removing AAD Sync server(s) from AAD Connect Health.
- Mitigations:
  - Increase visibility by implementing detections.
  - Secure your AAD Connect server and service accounts as Tier 0.
  - Reduce the attack surface for AAD Connect resources.
  - Protect your cloud-only and privileged accounts from account takeover.

## Architecture and Service Accounts

The **AD DS Connector Account** is configured during the AADC server implementation and is used to read/write information to Windows Server Active Directory. This account has no permissions in Azure AD, but it has privileges to write back attributes and passwords to on-premises AD.

The **AAD Connector Account** is used to write information and synchronize objects from/to Azure AD. One account is created for each AAD Connect server and is visible with the display name "On-Premises Directory Synchronization Service Account" in the Azure AD tenant. The account is assigned to the Azure AD directory role "Directory Synchronization Accounts".

The **ADSync Service Account** runs the synchronization service, but also has access to the database that stores AADC information. It has no (direct) privileged access to Azure AD or Active Directory objects. Nevertheless, it is a sensitive account because it plays a central part in running the AADC services and in data access (incl. …). This service account cannot be used as a Group Managed Service Account (gMSA) and therefore needs to be protected particularly.

More details about Azure AD Connect accounts and permissions are described in the Microsoft Docs articles.
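The three attack scenarios on the AAD connector account listed above (password spray, a Temporary Access Pass registered as a backdoor, and sign-ins from an unexpected source) each leave a trace in Azure AD sign-in or audit data. The following is an added example, not code from the paper or from Microsoft, of the detection logic a defender would run over such data. It uses constructed, SigninLogs/AuditLogs-style records; the AADC server IP, the sample addresses and user names, and the audit field names and values used to spot a TAP registration are assumptions for this example. The error code 50126 (invalid username or password) and result type 0 (success) are the real Azure AD sign-in result codes.

```python
"""Added example (not from the original paper): toy detections for the three
Azure AD connector account attack scenarios, run over constructed
SigninLogs/AuditLogs-style records."""
from collections import defaultdict
from datetime import datetime, timedelta

SYNC_ACCOUNT = "On-Premises Directory Synchronization Service Account"
# Assumption: the public IP the AAD Connect server signs in from.
# A real deployment keeps one entry per AADC server.
KNOWN_AADC_IPS = {"203.0.113.10"}
SPRAY_THRESHOLD = 5                 # failed attempts from one IP ...
SPRAY_WINDOW = timedelta(minutes=10)  # ... inside this sliding window
INVALID_PASSWORD = "50126"          # Azure AD error code: invalid username or password
SUCCESS = "0"

# Constructed sample sign-in records (SigninLogs-like field names).
SIGNIN_LOGS = [
    {"TimeGenerated": "2023-05-01T08:00:00", "UserDisplayName": SYNC_ACCOUNT,
     "IPAddress": "203.0.113.10", "ResultType": SUCCESS},          # normal sync run
] + [
    {"TimeGenerated": f"2023-05-01T09:0{i}:00", "UserDisplayName": SYNC_ACCOUNT,
     "IPAddress": "198.51.100.7", "ResultType": INVALID_PASSWORD}   # spray burst
    for i in range(6)
] + [
    {"TimeGenerated": "2023-05-01T09:30:00", "UserDisplayName": SYNC_ACCOUNT,
     "IPAddress": "198.51.100.7", "ResultType": SUCCESS},          # success from the spray IP
    {"TimeGenerated": "2023-05-01T09:31:00", "UserDisplayName": "Jane Doe",
     "IPAddress": "198.51.100.7", "ResultType": INVALID_PASSWORD},  # unrelated user, ignored
]

# Constructed sample audit records (AuditLogs-like field names; the TAP
# operation name and description are assumptions for this example).
AUDIT_LOGS = [
    {"TimeGenerated": "2023-05-01T09:35:00",
     "OperationName": "Admin registered security info",
     "ResultDescription": "Admin registered temporary access pass method for user",
     "TargetUserDisplayName": SYNC_ACCOUNT, "InitiatedBy": "admin@contoso.example"},
    {"TimeGenerated": "2023-05-01T10:00:00", "OperationName": "Update user",
     "ResultDescription": "", "TargetUserDisplayName": "Jane Doe",
     "InitiatedBy": "admin@contoso.example"},
]


def _ts(record):
    return datetime.fromisoformat(record["TimeGenerated"])


def unexpected_source_signins(signins):
    """Successful sign-in of the connector account from an IP that is not a
    known AADC server: the account should only ever be used by the sync engine."""
    return [r for r in signins
            if r["UserDisplayName"] == SYNC_ACCOUNT
            and r["ResultType"] == SUCCESS
            and r["IPAddress"] not in KNOWN_AADC_IPS]


def password_spray_sources(signins):
    """IPs that produced at least SPRAY_THRESHOLD invalid-password failures
    against the connector account inside one SPRAY_WINDOW. Returns
    {ip: largest failure count seen in a window}."""
    by_ip = defaultdict(list)
    for r in signins:
        if r["UserDisplayName"] == SYNC_ACCOUNT and r["ResultType"] == INVALID_PASSWORD:
            by_ip[r["IPAddress"]].append(_ts(r))
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > SPRAY_WINDOW:   # shrink window from the left
                start += 1
            count = end - start + 1
            if count >= SPRAY_THRESHOLD:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def tap_registered_on_sync_account(audits):
    """A TAP registered for the connector account. The sync engine never needs
    a TAP, so any hit is a backdoor candidate and names who registered it."""
    return [a for a in audits
            if a["OperationName"] == "Admin registered security info"
            and "temporary access pass" in a["ResultDescription"].lower()
            and a["TargetUserDisplayName"] == SYNC_ACCOUNT]


def run_detections(signins=SIGNIN_LOGS, audits=AUDIT_LOGS):
    """Run all three detections and return a compact summary per scenario."""
    return {
        "unexpected_source": [(r["TimeGenerated"], r["IPAddress"])
                              for r in unexpected_source_signins(signins)],
        "password_spray": password_spray_sources(signins),
        "tap_backdoor": [(a["TimeGenerated"], a["InitiatedBy"])
                         for a in tap_registered_on_sync_account(audits)],
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(f"{name}: {hits}")
```

The allow-list of AADC server IPs is the key piece of context: a successful sign-in of the connector account from anywhere else is a high-fidelity signal, whereas the spray threshold and window are tuning knobs that depend on how noisy the tenant's sign-in failures normally are.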