Figure 4-5: Long-term goal plan  The figure identifies the following areas:  1

123 
CHAPTER 4 | Security and identity 
Identity 
Now let’s take a look at some other elements that go hand-in-hand with security: the improvements 
within the identity stack in Windows Server 2016. 
Active Directory Domain Services 
Microsoft focused on three main areas for improvement in this release: 

Privileged access management 

Azure Active Directory Join 

Microsoft Passport 
Let’s dive into each of these topics a bit deeper to explain the exciting things being introduced into 
the platform. 
Privileged Access Management 
The world of cyber threats becomes more complicated every day, and because it is such an invisible 
threat in most cases, we need to apply security in layers on different levels to mitigate every feasible 
possibility. PAM was introduced to help mitigate common credential theft threats like pass-the-hash, 
spear phishing, and so on. PAM requires that you deploy Microsoft Identify Manager (MIM). 
More info For an introduction and deployment information about MIM, go to 
https://aka.ms/vaz62m
. 
Most Active Directory environments would like to believe that they are completely clean of malicious 
activity, but the truth is that we can’t be 100 percent sure. For this reason, one of the first things PAM 
implements is a new bastion forest where it can guarantee that it is free from malicious activity. A 
special type of trust is established called a PAM Trust. This bastion forest is provisioned by MIM 
during the initial deployment. Figure 4-6 shows the basic concept of the new forest and the PAM trust 
established. 

Download 13,37 Mb.

Do'stlaringiz bilan baham: