prezoqa.blogg.se

It’s up to you to integer this work into your security posture and evaluate impacts. I am not here to discuss if this document in any parts adhere to all principles and best practices of a secure administration environment, I just want to show a feature as a proof of concept.

Obtain above with a sort of simplicity and costs control.

Connect to Domain Controller thorough RDP form the PAW using SSO (Single Sign On).

Same credential can be used on prem and in cloud (if needed).

Have only one identity with one strong credential.

Have the ability to use multiple PAWs (privileged access workstation) with same MFA credential.

Eradicate from the domain the password presence for those privileged accounts (make impossible to use a password to log on to domain to prevent some king of password attacks).

Use that solution to protect privileged accounts passwords.

Configure a modern MFA solution to access on prem Windows 10 PC.

I am here just to demonstrate that today is technically possible (Proof of Concept):