AD Horror Stories with Sean Metcalf: Practical 365 Podcast S4 E7

Halloween & Active Directory

On the Practical 365 podcast this week, it’s a spooky Halloween special. I’m joined by my co-host – Rich Dean, and this week we’re lucky enough to be joined by special guest Sean Metcalf, the founder and CTO of Trimarc.

In our last episode, we had a fascinating conversation with Alex Weinert, the director of identity security at Microsoft, about the Storm-0558 incident, Alex shared his insights and learnings from the incident, and how Microsoft is working to prevent similar attacks in the future.

In this episode, we continue the theme of security, but this time we focus on on-premises – Active Directory. Active Directory is a complex and powerful system, but it also comes with many challenges and risks, especially in the age of hybrid and cloud environments.

We invited Sean Metcalf, one of the world’s leading experts on Active Directory security, to share his experience and knowledge on how to protect and manage Active Directory in a secure and efficient way – and share some horror stories along the way.

Watch Season 4, episode 7 on YouTube

On the show, we discuss with Sean some of the most interesting and important topics related to Active Directory security, such as:

The spooky changes in Windows 11 and how they aim to eliminate the legacy NTLM authentication protocol, which is often abused by attackers to perform credential theft and lateral movement.
The common Active Directory misconfigurations that expose organizations to unnecessary risks, such as excessive privileges, weak passwords, outdated systems, and lack of monitoring.
The practical aspects of managing Active Directory security, such as how to implement best practices, how to use tools and scripts, how to educate users and stakeholders, and how to deal with legacy and third-party applications.
The emerging threats and trends that affect Active Directory security, such as ransomware, cloud services, zero trust, and passwordless authentication.
We also ask Sean to share his worst security horror story and ask – what are the common mistakes and pitfalls that organizations make when they buy advanced security tools and solutions?

We’ll be back in two weeks’ time, where I’ll be joined by Paul Robichaux. Until then, stay safe, and happy Halloween!

Active Directory, Cyber security

About the Author

Steve Goodman

About the Author

Chief Editor for Audio and Video Content and Technology Writer for Practical 365, focused on Microsoft 365. A nine-time Microsoft MVP, author of several Exchange Server books and regular conference speaker, including at Microsoft conferences including Ignite, TechEd and Future Decoded. Steve has worked with Microsoft technology for over 20 years beginning and has been writing about Exchange and the earliest iterations of Office 365 since its inception. Steve helps customers plan their digital transformation journey and gets hands on with Microsoft Teams, Exchange and Identity projects.

Subscribe for Practical 365 updates

Halloween & Active Directory

About the Author

Steve Goodman

About the Author

Leave a Reply Cancel reply

Latest Articles

Notes from the Field on Finding Use-Cases and Business Value from AI: The Practical 365 Podcast S4 E9

Microsoft 365 Copilot in the Real World

Creating an Exchange Online Inbound Email Traffic Report for the Last 90 Days