We’ve all probably heard the old axiom that a chain is only as strong as its weakest link. In cybersecurity, the weakest link in many IT environments is the workstations that administrators with privileged accounts use to connect to critical infrastructure and applications. If these management workstations aren’t properly secured, high-privilege user credentials can be stolen, and those stolen credentials will be used to compromise more infrastructure, applications and data.
One of the most common questions I get from security professionals who are trying to mitigate credential theft and reuse attacks is how to create a management workstation that secures privileged accounts.
I’d like to highlight some excellent new guidance that colleagues of mine in Microsoft’s new Enterprise Cybersecurity Group recently contributed to:
- Securing Privileged Access – A roadmap of recommendations for securing privileged access designed to help guide organizations in protecting against attacks on privileged accounts and hosts
- Privileged Access Workstations – Guidance on installing and configuring a privileged access workstation, a key part of the roadmap and a critical defense element for credential theft attacks like pass the hash
- Key reference information that we use regularly including the administrative tier model and the clean source principle
This new guidance was the result of a collaboration of folks from across Microsoft including contributions from the Enterprise Cybersecurity Group, our internal Microsoft IT security teams, the Microsoft Azure security team, as well as consultants in Microsoft Consulting Services and Premier Field Engineers that deliver these solutions every day, and many others across the company.
While they are pretty busy helping customers defend against cyberattacks, the authors are interested in hearing suggestions on how to improve this guidance. Please send feedback to CyberDocFeedback@microsoft.com.
Chief Security Advisor
Enterprise Cybersecurity Group