Interlink Cloud Blog

Keeping your organization secure is a top priority – so what is credential hygiene and why is it important?

Good credential hygiene means not exposing credentials on a potentially-compromised system when those credentials can be used to compromise other systems. Credentials can be a password, an account’s NTLM hash, or a Kerberos TGT. When these kinds of credentials are hacked, there is the potential for the entire company to be at risk. That’s where Microsoft’s Local Administrator Password Solution (LAPS) can come into play.

You may have noticed that there are currently four Microsoft products with “Advanced Threat Protection” in their name:

1. Azure Advanced Threat Protection
2. Office 365 Advanced Threat Protection
3. Windows Defender Advanced Threat Protection
4. SQL Advanced Threat Protection

While each of these solutions offers value to its users, there’s been some confusion around the similar naming of these products. Let’s clear up confusion by taking a closer look at each of these products and their features, benefits, and intended use cases.

Figuring out the best way to implement Single Sign-On (SSO) in a Microsoft cloud environment can be challenging given how the options have evolved over time, but it’s a key component of any successful Office 365 or Azure deployment. There are four main options on how you can configure SSO:

• Cloud-only passwords without SSO

• Password synchronization with SSO

• Pass-through Authentication with SSO

• Federated Identity (ADFS or 3^rd party) 

In the modern workplace, chances are that your employees are using their in their own devices for work, which often results in unsecure access to company files. This creates a challenge because organizations need to be able to secure their company’s data on these devices without violating personal information. Also, if an employee leaves the organization, it’s important to have a means to avoid wiping their personal information from their devices.

With your company’s valuable data in mind, Microsoft has created two device management services that allow you to secure your organization’s data - no matter what device is being used. Microsoft Intune and Microsoft System Center Configuration Manager are both good options for device management, but it can often be hard to determine which option is best for your business. Sometimes it’s better to run a hybrid of them both.

Hackers are dedicated to getting into and compromising your systems. They can use sophisticated coding techniques to get around or break through your security defenses. Unfortunately, many times that type of extensive effort isn’t necessary because organizations make it easy for hackers to steal credentials by failing to have adequate defenses in place.

Nearly two out of every three confirmed data breaches involve weak, default, or stolen passwords.¹ In total, according to Microsoft, tens of millions of credentials are exposed every month and are added to growing lists on the dark web. These stolen user IDs and passwords are extremely valuable to cyber thieves since three of every four users re-use credentials across multiple sites and continue to use the same credentials for years.²