![]() ![]() I'm not sure if there's a way to restrict that or not, so that's where i'm currently stuck. In order for that to be adequate though, I then need to be able to prevent RSAT connections to Active Directory. What I think the only viable solution would be is to set up MFA for access to any Domain Controller in the domain. I'm not aware of a way to set up any MFA for admin access to Active Directory itself, but I'm all ears if someone knows of a way. Something you are - biometrics like a fingerprint or face scan. Something you have, such as a trusted device that's not easily duplicated, like a phone or hardware key. Multi-factor authentication is required for the following, including such access provided to 3rd party service providers:Īll internal & remote admin access to directory services (active directory, LDAP, etc.). Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods: Something you know, typically a password. I have received a "cyber security attestation" document from a major insurance provider and must be able to say yes to all of the items on it as a baseline to receive a policy. I've run into a puzzler and I'm hoping someone can give me a tip on how to solve this.
0 Comments
Leave a Reply. |