Don’t let on-prem take down your Microsoft 365 cloud

Privileged accounts in a hybrid Entra Id environment

Are you managing a hybrid environment with on-premises infrastructure connected to Microsoft 365?

In this post, we’ll share crucial advice to protect your Microsoft 365 cloud from on-premises security breaches.

Most of our customers rely on cloud-based Entra ID for user account management. However, many medium and large organizations still use on-premises Active Directory for non-cloud assets. Typically, they utilize Entra Connect Sync or the newer Entra Cloud Sync to synchronize hybrid identities.

Here’s the golden rule: Do not sync privileged accounts! It’s that simple.

This approach is often referred to as segmentation or account tiering. Segmentation ensures that even if one account is compromised, it won’t provide unrestricted access to the entire environment. Implementing tiered accounts helps control access more effectively, limiting potential damage from breaches. Remember, according to the principles of Zero Trust, you should always assume a breach has occurred.

The exact steps to implement tiered accounts and exclude privileged accounts from syncing depend on your specific setup. If you need help reviewing and configuring Connect Sync or Cloud Sync, our Entra expert and Microsoft MVP, Jan Ketil Skanke and his team are ready to assist. And if you just want to take all the worries of securing you cloud away, contact us a get a demo of our Proactive Security Monitoring service for Microsoft 365.

Scroll to Top