How can I safeguard my Azure AD tenant and prevent an attacker from performing a Hybrid Azure AD join to it?

EnterpriseArchitect 6,041 Reputation points
2023-06-16T03:57:14.4366667+00:00

I have Azure AD Premium P2 and have configured Azure AD Connect sync with Password Hash Sync (PHS) to sync user accounts up to the cloud.

I used the steps described in https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join#managed-domains and then verified the successful implementation under https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/~/windowsDevices

What sort of security measures and methods can I use to prevent abuse and stop attackers from joining devices to my domain?

Any help would be greatly appreciated.


1 answer

  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2023-06-19T21:25:00.19+00:00

    @EnterpriseArchitect

    Thank you for your post!

    I understand that you implemented password hash synchronization (PHS) with Azure AD Connect sync and configured hybrid Azure AD join using the steps described in the documentation. To hopefully point you in the right direction or resolve your issue, when it comes to preventing abuse and attackers joining devices into your domain, you can look into using the following security measures and methods:

    1. Use Conditional Access policies to control access to your resources based on specific conditions, such as device compliance, location, and user risk.
    2. Use Azure AD Identity Protection to detect and prevent identity-based attacks, such as password spray and brute force attacks.
    3. Use Azure AD Privileged Identity Management to manage and monitor privileged access to your resources.
    4. Use Azure AD Connect Health to monitor and troubleshoot your hybrid identity infrastructure.
    5. Use Azure AD Multi-Factor Authentication to add an extra layer of security to your sign-in process.
    6. Use Azure AD Password Protection to prevent users from using weak or compromised passwords.
    7. Use Azure AD Security Defaults to enable a set of basic security features, such as requiring MFA for all users and blocking legacy authentication protocols.

    For more information, please see our Azure AD security best practices documentation.

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
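As an added example (not part of the answer above or any Microsoft documentation), this is what items 1 and 5 of the list look like in practice: a Conditional Access policy built with the Microsoft Graph PowerShell SDK that requires MFA and a compliant (Intune-managed) device for all users and all cloud apps, created in report-only mode so sign-in logs show its impact before it is enforced. It assumes the Microsoft.Graph module is installed, and the break-glass account object ID is a placeholder you must replace.

```powershell
# Added example: Conditional Access policy requiring MFA AND a compliant device.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module) is installed.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object ID of the emergency-access (break-glass) account to exclude,
# so a mis-scoped policy cannot lock administrators out of the tenant.
$breakGlassId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require MFA and compliant device - all users"
    # Report-only first: evaluate in sign-in logs, then switch to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"                      # both controls must be satisfied
        builtInControls = @("mfa", "compliantDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the "Report-only" results in the sign-in logs for a few days before changing the state to "enabled".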

