Zero Trust is a new trend in enterprise network security architectures. Many enterprises are moving towards Zero Trust Architecture (ZTA). As AD and Azure AD are widely adopted as identity management solutions by enterprises today, AD and Azure AD can be expected to be one of the core components in zero trust architecture implementation of decision and policy engines. In ZTA, do these AD and Azure AD related techniques lead to security issues? ZTA can effectively limit movements of attackers, however, some attacks are hard to mitigate. For example, if an attacker controls a service account that does not support MFA, it is difficult to deal with such issues under ZTA. Active Directory Certificate Services (AD CS) is often used as a high security MFA option in Azure AD environments. Related attack techniques have been uncovered that allow attackers to escalate to high domain privileges, impacting the security of ZTA.

    In this session, we will discuss potential risks under the ZTA from an administrator's point of view and provide recommendations for enterprises to strengthen their own enterprise security. Technical staffs who are concerned about ZTA can not miss this session.