Protecting your Microsoft identities
Prevent usurpation of your Domain Admin privileges
Enhance the security of your directories
Active Directory & Entra ID
If an attacker succeeds in gaining domain administrator rights, he gains total control over all workstations and servers. This enables them to take over your Active Directory infrastructure and deploy malware on a massive scale.
The Microsoft identity is a dual identity: an AD account and an Entra ID account. In 90% of cases, these two accounts are synchronized. If one of the two directories is compromised, the other will be compromised.
Implement a Tiering model to prevent your highly privileged Active Directory and Entra ID accounts from authenticating on unsecured workstations and servers.
Detect and block compromises targeting AD and Entra ID with solutions from our partners.
Implement our security rules to disable the 15 risky Windows protocols and services. These are exploited by attack tools such as CrackmapExec, DSInternals, Rubeus and Impacket.
Know how to attack Active Directory and Entra ID to better defend them!
We work with our Audit team, experts in penetration testing, to identify the latest attack techniques targeting Active Directory and Entra ID.
This synergy translates into regular workshops where our SecOps teams adopt the attacker’s perspective, perfecting their defense strategy to secure your AD directories.
An Active Directory security model
We are actively contributing to the development of public versions of Harden AD and Harden 365. These solutions are open source and free of charge, and designed for all sizes of company, to reinforce the security of Active Directory and Entra ID directories.
We have a more advanced in-house version of these tools that will enable you to secure your most sensitive environments and guarantee compliance with the main ANSSI/CIS standards.
By adopting these tools, you benefit from a foundation of protection against the main attacks targeting Active Directory and Entra ID.
To take things a step further, we offer you the support of our SecOps team in deploying and customizing your Active Directory and Entra ID security model.
A 4-step support approach
Assess the health of your AD using our in-house tools and solutions from our leading partners (Crowdstrike, PingCastle, SentinelOne, Tenable, Varonis).
Define a roadmap and target architecture prioritized according to your specific issues.
Adjust our security bricks (GPOs, configurations, groups) to suit your needs.
Gradually integrate your users and machines into the new security model for a risk-free transition.
Toughen up your Microsoft 365 environment
In the face of threats targeting your directories first and foremost, we deploy a defense-in-depth strategy.
Protect the heart of your information system by isolating your privileges and hardening your configurations with our proven expertise.
Shield the Azure AD directory and activate numerous optional security settings in the Microsoft 365 suite.
Secure your Exchange On-Premise infrastructures
Classify and protect your data in the Microsoft environment
Want to secure your sensitive information on Microsoft 365? Discover the tools we offer.
Discover our solutions for blocking or detecting intrusion or data exfiltration attempts.
- Generalist tools that correlate several sources of information;
- Specialized tools for Active Directory and Azure Active Directory.
Reduce the time needed to rebuild your information system
- Automate the creation of the attacked company's servers and network equipment in a public cloud solution - such as Microsoft Azure
- Automate Active Directory and Microsoft 365 Tenant setup.