From the course: Windows Server Hybrid Administrator Associate (AZ-800) Cert Prep: 2 Manage Windows Servers and Workloads in a Hybrid Environment
Secure administration for Windows
From the course: Windows Server Hybrid Administrator Associate (AZ-800) Cert Prep: 2 Manage Windows Servers and Workloads in a Hybrid Environment
Secure administration for Windows
- [Instructor] Let's now dive into how to administer a hybrid environment. Administering a hybrid environment can be challenging, considering the fact that it is spread out in on-premise environment, as well as in the cloud, therefore, two environments needs to be administered. Also we need to keep in mind that security should be at the forefront of our planning process, simply because we have now extended the network from on-premise environment to the cloud across the internet, so therefore we have introduced some security concerns. Last but not the least, we have to understand who is going to administer and what can we do to implement a process that makes sense. We have to ensure that administrators can do their job without any roadblock, that they have all the access that they need to perform the tasks that they are assigned to do, however, we should not give access that the admins do not need, there's no need to overcompensate in this situation. We also need to ensure that these tasks are performed in workstations or servers that are secure, this is where jump server comes to play, and we'll talk more about that in upcoming chapter. This brings us to the topic of least privilege access. Least privilege access means that you are giving access based on the task or role and you are not giving additional access that is not needed. For example, if an administrator only manages group policies, then we do not need to give them access to manage users and groups. Same goes the other ways, administrators who are in charge of managing users do not need access to manage group policies. This concept is also applicable, not just for administrators who are basically user accounts, but also it goes to service accounts and computing processes. Just because a service account or a computing service does not have a human behind the scene, does not mean we can trust these entities completely, we have to keep in mind that any account can be compromised, therefore, it is in our best interest to make sure that we always apply the main principles of just enough access. In a complex environment where many administrative tasks need to get done, it is very important to make sure that we plan and we give least privilege access to administration. We need to have proper planning to implement the least privilege access plan. We first have to determine who our administrators are and what role they perform, and we also have to ensure that there are no overlapping roles. We also have to make sure that the extremely sensitive groups, such as domain admins and enterprise admins have very few members so that the access is controlled. Implementing user account control as well as just-in-time access can be very helpful in the process. We will dive deep into those concepts in next few chapters.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.