Skillplan AD Checklist
2026-05-20 16:34
AD
Security Checklist
de
en
fr
it
System Online
← Back to sections
Mitigation Controls · Section 14 of 17
Mitigating a Microsoft Entra Connect compromise
Assessment Progress
0
/ 95 items
0%
Fulfillment so far
0
/ 0 controls
0%
Explain this attack
Disable hard match takeover.
Not Fulfilled
Fulfilled
Accepted
Disable soft matching.
Not Fulfilled
Fulfilled
Accepted
Do not synchronise privileged user objects from AD DS to Microsoft Entra ID. Use separate privileged accounts for AD DS and Microsoft Entra ID.
Not Fulfilled
Fulfilled
Accepted
Enable MFA for all privileged users in Microsoft Entra ID.
Not Fulfilled
Fulfilled
Accepted
Limit access to Microsoft Entra Connect servers to only privileged users that require access.
Not Fulfilled
Fulfilled
Accepted
Restrict privileged access pathways to Microsoft Entra Connect servers to jump servers and secure admin workstations using only the ports and services that are required for administration.
Not Fulfilled
Fulfilled
Accepted
Ensure passwords for Microsoft Entra Connect server local administrator accounts are long (30-character minimum), unique, unpredictable and managed.
Not Fulfilled
Fulfilled
Accepted
Only use Microsoft Entra Connect servers for Microsoft Entra Connect and ensure no other non-security-related services or applications are installed.
Not Fulfilled
Fulfilled
Accepted
Encrypt and securely store backups of Microsoft Entra Connect and limit access to only Backup Administrators.
Not Fulfilled
Fulfilled
Accepted
Centrally log and analyse Microsoft Entra Connect server logs in a timely manner to identify malicious activity.
Not Fulfilled
Fulfilled
Accepted
Save and Continue →
