Microsoft uses the term Entra as an umbrella for all of its products that deal with identity and access functions. Azure Active Directory (AAD) has also been integrated into it and now runs under the name Microsoft Entra ID.
(Last update: 24 August 2023)
It is obvious why this product family is interesting from an IT security and pentesting perspective: Entra ID (formerly AAD) is widely used and is therefore an attractive attack vector for hackers seeking unauthorized access to information and functions.
That is why this article first clarifies the fundamental question "What is Microsoft Entra (formerly Azure)?". Further articles will cover potential attacks and protection options.
(Last update: 24 January 2024)
In addition to Entra ID (formerly AAD), which is the best-known component, Microsoft Entra includes many other services for creating entire cloud-based infrastructures.
Does your company already use a Microsoft solution via O365/M365? Then you automatically have Microsoft Entra ID, because identity management for these solutions runs there. If you already operate an Active Directory in your company, you can connect it to your identity management in Entra via Azure AD Connect, which automatically synchronizes your users' account data into the cloud.
Tenant roughly translates to "client" and represents an identity in Entra ID and O365/M365. In the on-premise Active Directory it would correspond to the customer's domain, although Entra allows multiple linked domains (it is possible to switch between domains and also adopt policies).
Entra ID tenants are dedicated, unique and separate instances within Entra ID. The tenant is created automatically as soon as you subscribe to one of the Microsoft cloud services, such as M365. An Entra ID tenant represents a single person or organization and is best compared to the classic on-premise Active Directory.
O365/M365 is a standalone product suite of Microsoft applications; the best-known are Outlook, Teams, Word and Excel. In addition, you get access to Entra ID (formerly Azure AD), the underlying IAM platform that handles authentication and authorization and lets administrators manage them.
Because user management is handled there, the link to Entra is straightforward: when the Entra ID tenant is created, groups and users are automatically taken over from M365, including license status and user information.
Information from Entra ID is likewise transferred to O365/M365 so that the data in both areas stays in sync. In addition, this combination allows multi-factor authentication to be integrated very cleanly across a company.
Entra ID (formerly Azure AD or AAD) is the cloud-based identity and access management (IAM) service under Entra. It lets you access the virtual machines provided in Azure, the Entra portal, SaaS applications such as Microsoft 365 (aka O365), and also internal resources in the on-prem environment. Microsoft itself describes Entra ID as an Identity as a Service (IDaaS) solution for applications and services in the cloud as well as for on-prem solutions.
The classic Active Directory is local to your company and requires regular maintenance and updates.
With the Microsoft cloud version, update and upgrade options are much more deeply built in, which means you can carry them out more quickly. In addition, recommended actions are provided via built-in monitoring and other security services such as Intune.
But what really differentiates the two solutions are the protocols. While Active Directory relies heavily on LDAP, SMB and RPC, Entra ID uses other protocols because of its web-based origins.

| Active Directory | Entra ID |
|---|---|
| LDAP | REST APIs |
| NTLM/Kerberos | OAuth/SAML/OpenID |

The next big difference between the two solutions is the organization of objects. While Active Directory lets you arrange your objects in a structured manner in OUs (Organizational Units), the structure in Entra ID is very flat. Here, authorizations are assigned via predefined roles. According to the Microsoft Docs, there are 83 roles at the time of this post. Some research is required so as not to "accidentally" assign a role that grants too many permissions.
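As an added illustration of this flat, role-based model (example code written for this article, not from the original post or from Microsoft): a small Python review that resolves role assignments to role names and flags tenant-wide holders of highly privileged roles, which is the check a least-privilege audit of the 83 roles boils down to. It assumes input dicts shaped like the Microsoft Graph `roleManagement/directory` `roleDefinitions` and `roleAssignments` responses; all ids, role subsets and principals are constructed sample data.

```python
# Added example: least-privilege review of Entra ID directory role assignments.
# Dict shapes mirror Microsoft Graph /roleManagement/directory/roleDefinitions
# and /roleAssignments responses; ids and names are constructed sample data.
from collections import defaultdict

# Built-in roles a reviewer should treat as highly privileged (matched by displayName).
HIGH_PRIVILEGE_ROLES = {
    "Global Administrator", "Privileged Role Administrator",
    "Privileged Authentication Administrator", "User Administrator",
}

# Constructed sample role definitions (a small subset of the built-in roles).
SAMPLE_ROLE_DEFINITIONS = [
    {"id": "role-ga", "displayName": "Global Administrator", "isBuiltIn": True},
    {"id": "role-ua", "displayName": "User Administrator", "isBuiltIn": True},
    {"id": "role-reader", "displayName": "Global Reader", "isBuiltIn": True},
    {"id": "role-custom", "displayName": "Helpdesk Custom", "isBuiltIn": False},
]

# Constructed sample assignments; directoryScopeId "/" means tenant-wide.
SAMPLE_ROLE_ASSIGNMENTS = [
    {"principalId": "alice", "roleDefinitionId": "role-ga", "directoryScopeId": "/"},
    {"principalId": "bob", "roleDefinitionId": "role-ga", "directoryScopeId": "/"},
    {"principalId": "bob", "roleDefinitionId": "role-ua", "directoryScopeId": "/administrativeUnits/au-sales"},
    {"principalId": "carol", "roleDefinitionId": "role-reader", "directoryScopeId": "/"},
    {"principalId": "dave", "roleDefinitionId": "role-custom", "directoryScopeId": "/administrativeUnits/au-sales"},
]

def review_role_assignments(definitions, assignments):
    """Resolve each assignment to (principalId, roleName, scope, is_high_privilege)."""
    names = {d["id"]: d["displayName"] for d in definitions}
    rows = []
    for a in assignments:
        # An unknown roleDefinitionId is kept verbatim so it still shows up in the review.
        role = names.get(a["roleDefinitionId"], a["roleDefinitionId"])
        rows.append((a["principalId"], role, a.get("directoryScopeId", "/"), role in HIGH_PRIVILEGE_ROLES))
    return rows

def high_privilege_holders(definitions, assignments):
    """principalId -> sorted high-privilege roles held at tenant-wide scope ("/")."""
    holders = defaultdict(set)
    for principal, role, scope, flagged in review_role_assignments(definitions, assignments):
        if flagged and scope == "/":  # assignments scoped to an administrative unit are the narrower form
            holders[principal].add(role)
    return {p: sorted(r) for p, r in holders.items()}

def count_global_admins(definitions, assignments):
    """Tenant-wide Global Administrators; Microsoft's guidance is to keep this below five."""
    return sum("Global Administrator" in r for r in high_privilege_holders(definitions, assignments).values())
```

Calling `high_privilege_holders(SAMPLE_ROLE_DEFINITIONS, SAMPLE_ROLE_ASSIGNMENTS)` on the sample data reports alice and bob as tenant-wide Global Administrators, while bob's User Administrator role stays unflagged because it is limited to one administrative unit.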
We still see customers running Entra ID (Azure AD) environments with Microsoft default settings that leave room for attacks. Many of our customers are not yet familiar with these setting options from Active Directory.
Fundamental things only change in Active Directory when a new domain functional level is introduced with a new Windows version and put to use. Entra ID (Azure AD) is still very "new" by comparison, and changes can arrive almost daily. This means that settings you configured yesterday may no longer exist or may behave differently the next day. To understand how the Entra ID construct works, some research in the Microsoft Docs is required, and in certain cases the docs do not always reveal the whole truth.
You can do many things via Entra subscriptions: virtual machines, virtual networks, databases and more are all possible here.
It is also possible to integrate servers hosted in the cloud into the on-prem infrastructure so that a server appears to be in the same network as the other on-prem devices.