Defending Tier 0: Taking Control of Your Cloud’s Control Plane

Practical implementation of the Microsoft enterprise access model, an evolution of the Enhanced Security Admin Environment (ESAE), can be a challenge for many organizations and differs between cloud and on-premises infrastructures. However, the concept should be an important part of your privileged access strategy to avoid unauthorized pathways that lead to lateral movement.

In this session, I will share my experiences in designing, managing, and monitoring privileged access based on the enterprise access model. We will look at a practical approach for designing a classification model for tiered administration and answer the question: Who and what should be defined as Tier 0 or Control Plane?

We’ll discuss current technical limitations and real-world challenges in adopting the privileged access design in enterprise environments. You’ll learn how to answer some fundamental design questions, such as whether to use a dedicated tenant to host an administrative environment (“Red Tenant”) for privileged assets. Live demonstrations will cover the integration of security operations to identify breaches of tiered administration, along with practical guidance on daily operations.

Slide Deck: https://www.semperis.com/wp-content/uploads/resources-pdfs/hipconf-2024/defending-tier-0.pdf