Auditing Active Directory, Entra ID and Windows
This 3 day course focuses on identifying the risks that are specific to an Active Directory and Windows environment. Controls that are needed for Entra and Office 365 will also be discussed. The Windows operating system is typically well known and utilized but can be difficult to secure since there are a large number of security options available. This course provides the tools and techniques to effectively conduct an Active Directory and Windows audit. Hands-on exercises give students the opportunity to conduct an audit on their own Windows system, as well as understand the different security options that Windows provides.
CPE:
21
Program Level:
Intermediate
Delivery Method:
Live
Cost :
$990 for this live 3 day course
Course Contents/Objectives
I. Basics
• Identifying the system
• Types of Windows systems
• Registry
• Resources
• Windows Command Line Basics
• Windows Security Features
II. Active Directory
• LDAP
• Domain Controllers
• Global Catalog
• Microsoft Entra ID
• Operations Master Roles (FSMO)
• Trees and Forests
• Trusts
• OUs and Group Policy
• Delegation of Authority
• Server Roles
• DNS
III. Windows as a Server
• Feature and Quality Updates
• Servicing Channels
IV. Cloud
• AD Connect
• Entra ID
• Critical Azure Accounts
• Controls that should exist in the Microsoft Cloud
• Commands to get Users, Roles, Settings and other Important Azure Data
• OneDrive
• Office 365
• Commands to get Users, Roles, Settings and other Important Office 365 Data
V. Users and groups
• Permissions
• Local and Domain Users
• Default and Common accounts
• Controlling access
• Groups
• Privileges/Rights
• Permissions
• Administrator accounts recommendations
• Mandatory Integrity Control (MIC)
• User Account Control (UAC)
VI. Passwords
VII. Patching
VIII. Ports, Services and Applications
• Services MMC
• Identifying Ports
• Softer Restriction Policies
• AppLocker/Application Control Policies
• Specific services and applications
• Server Manager
• Virus and Malware Protection
• Office 365
IX. Data Protection
• Shares
• Encryption
• File integrity
• Security Options
• Network Access Protection
X. Auditing and logging
XI. Windows specific tools
• Power Shell
• SCA
• Security Templates
• WMIC
Laptop Required
Students are required to have a laptop in order to complete the hands-on exercises. The laptop should meet the following specifications for the student to get the most from the exercises:
• USB Port
• 8 GB RAM or higher
• 25 GB available hard drive space
• Windows 10 professional or later (Home or similar editions will not have some of the features needed.)
• Administrator privileges including the capability to install and run tools, as well as disable anti-virus
• VMWare Player should be installed
• Windows 10 professional or later (Home or similar editions will not have the features needed.)
Target Audience
• Internal Auditors
• IT Specialist Auditors
• IT Auditors
• IT Audit Managers
• Information System Auditors
• Information Technology Auditors
• Information Security Officers
Prerequisites
Participants should be familiar with Internet technologies and commonly used Internet security controls. No other advance preparation is required.
What People Say About Us
We help you see the world differently, discover opportunities you may never have imagined and achieve results that bridge what is with what can be.
Kendall
Ashley
Joel