Talk With an Expert

Decreasing Attacker Dwell Time in Azure Active Directory

Decreasing Attacker Dwell Time in Azure Active Directory (PDF, 4.99MB)Published: 21 Jul, 2021
Created by:
Mark Morowczynski

As companies continue to embrace the cloud, attackers also have shifted their attack methods to target cloud infrastructure. A popular target in 2020 has been an identity-based compromise (Verizon, 2020). Azure Active Directory is the identity provider behind Office 365, Azure, and thousands of applications for 200,000 companies, processing 30 billion authentications a day (Microsoft Corporation, 2021). Reducing attacker dwell time for any infrastructure is one of the most fundamental ways to minimize a breach's scope and financial impact. This paper provides an investigation into the effects on attacker dwell time when leveraging Microsoft's Security Operation Guide for Azure Active Directory.