The Ultimate Guide for Protecting Hybrid Identities in Entra ID
2025-06-26, Track 2 (AD & Entra ID Sec)

Hybrid identities make administration easier and improve user experience. However, connecting the on-premises environment to the cloud makes identities prone to legacy attacks. Most of these attacks can be mitigated by carefully securing on-premises assets and properly configuring Entra ID.


In the cloud era, hackers don’t need to break in anymore; they just need to log in. This is the case for cloud-only identities, as the identity-related infrastructure is well protected from legacy attacks. However, in hybrid identity scenarios, the on-premises environment is still vulnerable to legacy attacks.

According to Microsoft Digital Defense Report 2024, 99% of identity-related attacks were performed against Entra ID. Less than one per cent of the attacks were against on-premises infrastructure, such as federation and synchronisation services. These attacks are typically performed by professional or nation-state-sponsored threat actor groups.

In this demo-packed session, I will show how to protect hybrid identities against these attacks. This includes securing on-premises assets as well as Entra ID hybrid identity configuration.

Dr Nestori Syynimaa is a Principal Identity Security Researcher at Microsoft Threat Intelligence Center. He has over a decade of experience with the security of Microsoft cloud services and is known as the creator of the AADInternals toolkit. Before joining Microsoft in early 2024, Dr Syynimaa worked as a researcher, CIO, consultant, trainer, and university lecturer for over 20 years.

Dr Syynimaa has spoken at many international scientific and professional conferences, including IEEE TrustCom, Black Hat USA, Europe, and Asia, Def Con, RSA Conference, and TROOPERS.