8 hours 33 minutes
Hello, Siberians. Welcome to this lesson on Azure Lady password protection. This lesson is part of the second model off the Is that 500 mikes off as your security technologist casts quick information on what will be covering in this lesson.
We'll start with the discussion on trade against passwords and why existing methods are limited in dealing with the stress,
but then introduced the passport protection feature off Jahidi on how it is license will proceed to this cause the functionalities off password protection, namely smart, look out
global and custom band password least on password protection for I breed scenarios. Let's get into this.
Most ideas of the systems rely on password complexity, requirement to protect against password village. It attacks on what this does is that it gives a false sense of security as there many passwords that limits so called complex the requirements. But they're still very bad. Password on example
is what you're looking at on your screen
and where we said, bad pass what women past once they can be easily guessed on. What that means is that they're vulnerable to pass what's pray. Attacks on the truth about it is that Attackers know that users use this types of passwords
and they have a list off them, along with character Substitution is that users typically like to use.
So, for example, the dollar sign for the letter. Hess
the fixed These is to apply A band passed what system that does not allow weak and vulnerable passwords on the various character substituted equivalents to be set in your organizations house. So most identity systems Here's a blanket password. Look at policy to defend against identity attacks.
So if an attacker is attempting to put first a user's password,
this tree gets on account lockouts that affect legitimate users. Also, on what that Mrs that users will not be able to access their applications to their counter unlocked.
The sad thing about these is that the account may quickly become locked out again very quickly if the brute force attack continues on this in itself is a form off the nail of service attack.
The solution to this is to identify request from valid uses on allow access toe this valid request, why blocking attack us log in attempts on both issues that we've discussed on the slight is the main reason wife feature like a joy T password protection exists. So what is this feature?
A jury? The password protection is a feature of azure Haiti
that stops users from setting weak and vulnerable passwords on it. Also prevents valid uses from been locked out if their credentials have been put first by an attacker. This feature has four main functionalities
smart look Coat
Global Band Pass What least
costume band password Lease on Finally on premises Active directory Integration. We're going to look at this for functionalities in Ma details in a few seconds. Fast. Let's look at how this feature is licensed the functionalities off a ju 80 password protection that we can enable or customize the
paints on a hajj or hated licensing.
For example, when we talk about the smart lockout functionality, this is available toe every license. Tear off Ajai 80. When we talk about a global ban password lease functionality. This is also available toe every tear off azure Haiti. However, when we talk about a custom band passed what least
this requires a minimum off azure 80 premium P one license,
and why would talk about the Windows Sever Active directory integration. This also requires a minimum off Azure 80 Premium P one license. Let's over. Look at this matter. Card functionality off Grady Password protection. So the smart lockout functionality
uses a high to look. Attackers. What? Trying to guess. User's pass. What?
Why allowing valid users to continue to signing on It does this by using hey I to recognize, sign in from valid geezers and treating them differently from signing attempts to that suspicious in other. What? It's not just a blank password look out policy.
It's a policy that is intelligently applied.
The two other functionalities off enjoyed the past for protection. The global and custom band passed what least the global band pass What least is a Microsoft compound list off commonly used week off vulnerable passwords. In addition to these, a customer with azure Haiti premium P one license
may have their own custom least
off 1000 band passwords for the I environment. This is called the custom band Password list. Both off this least can then be used as a password future for every password set, Office said Operations toe ensure That only passed what the myth Microsoft recommended standard
on our own standard,
except that in our organisations. Finally, we can also extend this capabilities off password protection that have discussed toe our own premises. Active directory identity starts. This integration, as we mentioned earlier, requires a minimum off a jury 80 Premium P one to use.
Let's have a quick look at the components. Need that Eustis
We'll start with that as you're a detainment on the violence side with password protection functionalities configured like the global ban passed. What? Least on the custom band password list Wouldn't have our on premises. Active directory Domain controller On the left hand side,
we'll need a member sever that is joined to our own premises
Active directory domain.
We'll start out by installing the jury 80 Connect Password protection Domain controller Hey, agent on a domain controller on premises. Well, then implements the A jury 80 password protection proxy service on the members ever.
So this is how this works. The agents that we have on at the men control over through the proxy service is going to request for the password protection policy to be downloaded from a joy Haiti locally on the domain controller.
So this happens at startup and it also happens on a Harley shadow
whenever, as a passwords change operation that's performed on premises against that domain controller, it's going to verify that against the global band passed what least on the costume band Password leads that's been downloaded from Azure Haiti. Here's a quiz question for you. Which functionalities
are included as part off the A joy 80 password protection feature.
Select all that Apply Option one. Smart look out option to Global Band Pass. What Least
option three Custom ban password Least option for compromised password leased from top but a site on option five All of the above. If you select it, just options. 1213 you would be correct.
So the functionalities that I included on this mat look out Global Ban, password lease and Custom band password least
compromised. That's what leased from Top patricide is not part off, what as you're 80. Protection for Rights here Some supplemental links for further studies on the topics covered in this lesson
and some very
here. The different concepts are recovered in this video
was studied by discussing some passport related threats on the limitations off defenses like password complexity requirements and general lookout policies within this cost Password protection licensing. Andi Functionalities died. Supports that includes smart look out.
Global Ban passed What least and custom band password list.
We concluded by discussing out to implement password protection for on premises active directory environments. Thanks very much for watching and I'll see you in the next lesson.