In this week’s episode of the Practical 365 Podcast, Rich Dean and I were joined by special guest and upcoming keynote speaker at TEC 2024, Derek Melber. Before he joined us on the show, Rich and I discussed the aftermath of the CrowdStrike outage, looked at the root cause, and considered what we can learn from the organizations that weren’t as prepared as others.

The Experts Conference (TEC) 2024

We kicked off the show with news about The Experts Conference (TEC) 2024, scheduled for October 1-2 in Dallas, Texas. As a proud sponsor, Practical 365 is offering a buy-one-get-one-free deal for both the main conference and the pre-con workshops. This premier event for Microsoft security and management will feature world-class sessions from MVPs and industry experts, including our guest Derek Melber. It’s an opportunity you won’t want to miss, so be sure to use the code P365TECBOGO at checkout to claim the offer.

CrowdStrike and Cybersecurity Concerns

Our discussion then turned to the recent CrowdStrike developments, a topic that’s been on our radar for a while. We follow up on the discussion from the previous episode and get Rich’s take on the implications for organizations and on the importance of maintaining robust cybersecurity measures.

Read the root-cause analysis by CrowdStrike

Read more about Delta refusing assistance from Microsoft, as discussed on the show

Derek Melber, MVP talks Active Directory Security Insights

Improving your AD Security with Derek Melber: The Practical 365 Podcast S04 E25
Figure 1: Derek Melber joins Steve & Rich on the Practical 365 Podcast

We’re joined by Derek Melber, Chief Business Officer at Beak AIOps, a 20-time Microsoft MVP and expert in Active Directory and cybersecurity.

Derek shared his extensive knowledge of Active Directory security, emphasizing that it’s an area many IT professionals still don’t fully grasp. He recounted his recent experience giving a full-day workshop at the Microsoft campus on Active Directory and Entra ID security, underscoring the ongoing need for education in this field. We discussed the challenges of balancing on-premises and cloud security practices, a topic that resonates with many of our listeners navigating hybrid environments.

Making it Easy to Move Away from NTLM: The Shift to Passphrases

One of the key points Derek raised was the importance of moving away from NTLM authentication, and how moving from traditional passwords to passphrases is a key weapon in his armory for making that transition easier.

In June 2024, Microsoft announced that “all versions of NTLM, including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. The use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary.”

As organizations strive to modernize their IT environments, one of the critical challenges they face is reducing their dependency on outdated and insecure protocols like NTLM. NTLM, or NT LAN Manager, has been a cornerstone of Windows authentication for decades, but it is now widely recognized as vulnerable to several attack techniques, including pass-the-hash and replay attacks. Despite these risks, many organizations still rely on NTLM, particularly in complex network environments or where legacy systems are involved.

Derek emphasized the importance of transitioning from traditional passwords to passphrases as a key security measure that makes it comparatively easy to remove NTLM from the environment. He advised organizations to communicate the benefits of passphrases to users, highlighting that they’re easier to remember while being more secure. The recommendation is to use group policies to increase password length beyond 14 characters and implement fine-grained password controls for a staged rollout.

Derek’s approach not only enhances security but also improves user experience by allowing less frequent password changes. Moving away from NTLM by forcing changes to passwords over 14 characters significantly reduces the risk of credential theft and lateral movement by attackers, and using passphrases makes it much easier for a user to adopt a significantly more complex password that’s easy to remember.
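The staged rollout described above (a minimum length above 14 characters, applied to a pilot group first through fine-grained password policy rather than the domain-wide policy) can be scripted. The following PowerShell is an added example, not code from the podcast or from Practical 365. It assumes the RSAT ActiveDirectory module, a domain functional level of Windows Server 2008 or later (required for fine-grained password policies), rights to create Password Settings Objects (PSOs), and a pre-existing pilot group; the PSO name `Passphrase-Pilot`, the group name `Passphrase-Pilot-Users`, the rollout date and the lockout values are placeholders chosen for the example. The 15-character minimum is the security-relevant setting: an LM hash cannot be generated for a password longer than 14 characters, which is why the 14-character threshold matters for retiring the oldest NTLM-family credential material.

```powershell
# Added example: staged passphrase rollout with an AD Fine-Grained Password Policy (FGPP).
# Assumptions: RSAT ActiveDirectory module, DFL >= Windows Server 2008, an existing pilot
# group, and permission to create PSOs. Names and dates below are placeholders.
Import-Module ActiveDirectory

$PolicyName   = 'Passphrase-Pilot'           # hypothetical PSO name
$PilotGroup   = 'Passphrase-Pilot-Users'     # hypothetical pilot group
$RolloutStart = Get-Date '2024-09-01'        # constructed date the pilot wave began

# 1. Create the PSO once. MinPasswordLength 15 clears the 14-character ceiling so no LM
#    hash can exist for these accounts; the longer maximum age is the user-facing benefit
#    of passphrases discussed on the show. Lower Precedence wins when several PSOs apply.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$PolicyName'")) {
    New-ADFineGrainedPasswordPolicy -Name $PolicyName `
        -Precedence 10 `
        -MinPasswordLength 15 `
        -ComplexityEnabled $true `
        -ReversibleEncryptionEnabled $false `
        -MinPasswordAge (New-TimeSpan -Days 1) `
        -MaxPasswordAge (New-TimeSpan -Days 365) `
        -PasswordHistoryCount 24 `
        -LockoutThreshold 10 `
        -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
        -LockoutDuration (New-TimeSpan -Minutes 30)
}

# 2. Scope the PSO to the pilot group only (idempotent). Later waves simply add
#    more members to the group; the domain-wide policy stays untouched until the end.
$group   = Get-ADGroup -Identity $PilotGroup
$applied = Get-ADFineGrainedPasswordPolicySubject -Identity $PolicyName
if ($applied.DistinguishedName -notcontains $group.DistinguishedName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $group
}

# 3. Report the policy that actually takes effect for each pilot user and flag accounts
#    whose password predates the rollout: the new minimum only applies to the stored
#    secret once the user has changed their password, so those accounts still carry
#    a possibly short (and possibly LM-hashed) credential.
function Get-PilotPolicyReport {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][datetime]$Since
    )
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $user = Get-ADUser -Identity $_.DistinguishedName -Properties PasswordLastSet
            $pso  = Get-ADUserResultantPasswordPolicy -Identity $user
            [pscustomobject]@{
                User            = $user.SamAccountName
                EffectivePolicy = if ($pso) { $pso.Name } else { 'Default Domain Policy' }
                MinLength       = if ($pso) { $pso.MinPasswordLength } else { $null }
                PasswordLastSet = $user.PasswordLastSet
                NeedsRotation   = (-not $user.PasswordLastSet) -or ($user.PasswordLastSet -lt $Since)
            }
        }
}

Get-PilotPolicyReport -GroupName $PilotGroup -Since $RolloutStart |
    Sort-Object NeedsRotation -Descending |
    Format-Table -AutoSize
```

The report is the check worth keeping for the whole rollout: `EffectivePolicy` confirms the PSO is winning over the domain policy (and over any other PSO with a lower precedence number), and `NeedsRotation` lists who still has to change their password before the longer minimum actually protects their account, which is also the list to target with the passphrase communication Derek recommends.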

Evolving Cybersecurity Landscape

We wrapped up our conversation by touching on the ever-changing nature of cybersecurity threats, and the importance of staying vigilant and proactive in the face of potential new vulnerabilities or attacks. Being prepared and informed is crucial.

On Next Week’s show

Join us next time as we continue to explore the practical side of Microsoft 365 and beyond, and of course, don’t forget to subscribe on iTunes or Spotify. On the next episode, Paul and I will be joined by several special guests for an MVP roundtable episode, though you’ll have to wait to find out who – the only clue I can give you is our two guests are both Practical 365 writers and will be at TEC 2024.

About the Author

Steve Goodman

Technology Writer and Chief Editor for AV Content at Practical 365, focused on Microsoft 365. A 12-time Microsoft MVP, author of several technology books and regular Microsoft conference speaker. Steve works at Advania in the UK as Field Chief Technology Officer, advising business and IT on the best way to get the most from Microsoft Cloud technology.
