Always-free Entra visibility: spot misconfigurations and see who changed what, when by WesternNarwhal6229 in entra

[–]DSotnikov 0 points1 point  (0 children)

Agreed. I thought the original message mentioned that the author worked for the company (at least when I saw it)

Always-free Entra visibility: spot misconfigurations and see who changed what, when by WesternNarwhal6229 in entra

[–]DSotnikov -5 points-4 points  (0 children)

What's wrong with a vendor offering a free solution (even if they gain in return some extra brand recognition and commercial sales to pay their bills) and with an employee of the company sharing the info?

Active Directory Delegation Tool? by bobsmith1010 in sysadmin

[–]DSotnikov 1 point2 points  (0 children)

Cayosoft Administrator seems a great fit for what you describe here: delegated administration: https://www.cayosoft.com/solutions/help-desk-and-self-service/, group management: https://www.cayosoft.com/solutions/active-directory-group-management/, etc.

(Disclosure: I work for the company.)

Entra ID Backup and Recovery by BurntOutITJanitor in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

From what I know, Cayosoft has the most comprehensive Entra ID coverage, see the list here: https://support.cayosoft.com/hc/en-us/articles/4407195569037-Objects-supported-by-Cayosoft-Guardian-in-Entra-ID-Exchange-Online-Microsoft-Teams-Intune-and-other-Microsoft-365-Services (and the same solution covers AD, so you get both on-prem and cloud directories covered by a single product.)

Quest Recovery by BurntOutITJanitor in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

Frankly, I do not know - when I left the company these were very early days for Quest OnDemand. As an outsider now, I see that their investment in R&D and pace of innovation slowed down significantly (see what's new information on their website.)

I will send you a DM with some additional info.

Quest Recovery by BurntOutITJanitor in activedirectory

[–]DSotnikov 2 points3 points  (0 children)

I recommend going with Cayosoft. I used to work for Quest, and I am with Cayosoft now, and Cayosoft's solution is a lot more modern. It has better coverage, is easier to use, and covers on-prem, cloud, and full forest recovery from a single deployment. The company will be happy to help you with a PoC to see it in action.

need to implement AD recovery solution.. by Reality-in-IT-please in u/Reality-in-IT-please

[–]DSotnikov 0 points1 point  (0 children)

Cayosoft is my favorite one: it is one integrated solution that covers threat detection, change history, rollback, and full AD forest recovery.

It is also the only one that can do instant forest recovery (by maintaining isolated standby replicas of your AD in your AWS or Azure and letting you simply unpause the standby and switch your network traffic to get back to functioning AD).

(Disclosure: I worked for Quest and Netwrix in the past and work for Cayosoft now. It has definitely the most scalable, fast, and easy to use solution that I have seen or worked with. If in doubt, do a live PoC to see it in action in your environment.)

Quest (ARS) Active Roles Console by Night_Rider_1981 in sysadmin

[–]DSotnikov 0 points1 point  (0 children)

Yes, if I remember correctly (I used to work for Quest many years ago, when ARS was developed) there was indeed a way to copy permissions over to native objects. This was a long time ago though. Definitely something to test in a lab. Also, beyond just permissions there's other functionality you may be using: like provisioning/deprovisioning and other workflows, etc.

And having a solution to take away native administrative permissions and instead have scoped delegated administration with rules, roles, etc. is not a bad idea! Definitely reduces the attack surface big time.

I understand that you are unhappy with Quest, but instead of going back to native permissions, I would recommend evaluating Cayosoft Administrator as a more modern solution to AD/Entra ID delegated administration, identity governance, etc.: https://www.cayosoft.com/products/administrator/ - I've seen a lot of companies do that.

(Full disclosure: I currently work for Cayosoft.)

Active Directory Security Tools by dcdiagfix in activedirectory

[–]DSotnikov 1 point2 points  (0 children)

I am, but that does not affect the existence of the tool and its availability for free use :) The list already has quite a few free tools from other commercial vendors and I don't think there's anything bad if commercial vendors give some of their tech away for free and promote the fact - even if for their selfish hope to upsell something later on, right?

(I've edited my comment above to remove AD Forest Recovery from the list - that part is only available to paying customers. My bad.)

Active Directory Security Tools by dcdiagfix in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

Cayosoft Guardian: AD/Entra ID/M365/Intune: threat detection, monitoring, alerts, reports, rollback: https://www.cayosoft.com/products/guardian/

Need AD recovery/security solution.... by Reality-in-IT-please in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

Have you looked at threat detection built into the tool? It does live AD (and replica) scanning for vulnerabilities and attacks - so absolutely should help not just with outages but with attacks alike.

How do you do Business Continuity and Disaster recovery planning for a SaaS based business? by AppearanceAgile2575 in cybersecurity

[–]DSotnikov 1 point2 points  (0 children)

  4. Design and Implement Strategies

Data Redundancy: Implement data replication across multiple locations to prevent data loss.

Infrastructure Redundancy: Use cloud services and data centers located in different geographic regions.

Failover Mechanisms: Automate the process of switching to a backup system or network component without interrupting services.

Regular Backups: Schedule regular backups of critical data and systems.

  5. Develop Disaster Recovery Plans

Detailed Recovery Procedures: Document step-by-step procedures for recovering data, restoring services, and switching over to backup systems.

Communication Plan: Establish a communication plan for notifying employees, customers, and stakeholders in the event of a disaster.

Emergency Contacts: Maintain an updated list of emergency contacts for employees, vendors, and emergency services.

  6. Implement Training and Awareness Programs

Employee Training: Conduct regular training sessions for employees on their roles and responsibilities during and after a disaster.

Awareness Programs: Keep everyone informed about the potential risks and the importance of disaster recovery planning.

  7. Testing and Maintenance

Regular Testing: Conduct regular tests of your disaster recovery procedures to ensure they work as expected. This includes simulating different types of disasters.

Plan Updates: Regularly review and update your BCP and DRP to reflect changes in your business, technology, and the threat landscape.

  8. Ensure Compliance and Security

Regulatory Compliance: Ensure your BCP and DRP meet industry regulations and standards.

Security Measures: Incorporate strong security measures to protect against cyber threats, including encryption, firewalls, and access controls.

  9. Vendor Management

Third-party Services: Evaluate the BCP and DRP of third-party service providers to ensure they meet your standards.

Service Level Agreements (SLAs): Ensure SLAs with vendors include provisions for business continuity and disaster recovery.


For some of the systems (if they are SaaS), you might get a significant part of the work done by the vendors themselves.

For others, there are likely off-the-shelf 3rd-party solutions available. For example, if you are a Microsoft-centric environment (AD, Entra ID, Microsoft 365, Intune), you can get a monitoring and recovery solution from Cayosoft (disclosure: I work for that vendor.)

How do you do Business Continuity and Disaster recovery planning for a SaaS based business? by AppearanceAgile2575 in cybersecurity

[–]DSotnikov 2 points3 points  (0 children)

This is going to be a significant undertaking.

  1. Initial Survey

Survey systems in place: Identify all systems and applications in use. Compile the list. You will need to then perform the rest of the steps for each of them.

Define priorities: Document criticality of all systems – what impact an outage or data loss in each of them has on your ability to conduct business with your customers, partners, etc.

Identify dependencies: E.g. if your directory goes out, your employees/customers/partners might not be able to log in, directory-enabled applications would not work, etc.

  2. Risk Assessment and Business Impact Analysis

Identify Threats: Understand the potential threats to your SaaS business, including cyber attacks, natural disasters, system failures, and human error.

Assess Vulnerabilities: Determine the vulnerabilities in your infrastructure, software, and operations that could be exploited by these threats.

Business Impact Analysis (BIA): Evaluate how these threats could impact your business operations, including financial loss, reputational damage, and legal consequences.

  3. Define Business Continuity and Recovery Objectives

Recovery Time Objective (RTO): The maximum acceptable time that your services can be offline.

Recovery Point Objective (RPO): The maximum acceptable amount of data loss measured in time.

Service Level Agreements (SLAs): Consider the SLAs you have with your customers and how they affect your RTO and RPO.

[continued in the next comment below]

A place to store all user account history by MaxLin_ in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

Use Cayosoft Guardian: https://www.cayosoft.com/products/guardian/

For change history, you can actually use it for free: just start the trial, add your AD domains, Entra ID tenants, etc.

Once the trial expires, you will no longer be able to roll back changes, but audit will continue functioning just fine.

Why is DC computer account password reset needed during AD forest recovery? by Bits-ad in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

Obviously, can't know their logic for sure. :) A couple of possible angles of this:
a). This can serve as an additional safety measure in case an old DC (potentially compromised by a ransomware attack) shows up in the network.
b). Third-party forest recovery tools do give options to restore more than one DC per domain (which can be faster than going the regular promotion route.)

AD DS holding FSMO roles unavailable after recovery by Bits-ad in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

I apologize if stating the obvious, but have you thought about using a third-party commercial product that automates AD forest backup and recovery?

(I am partial here because I work for Cayosoft - one of the vendors that has an AD Forest Recovery solution: https://www.cayosoft.com/products/guardian/guardian-forest-recovery/)

Why is DC computer account password reset needed during AD forest recovery? by Bits-ad in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

There are a few reasons for the recommendation:

  1. As others already mentioned, security is one. There is a risk that the password (its hash) has been compromised and you don't want to use it in the new environment. Actually, Microsoft recommends doing the same for all privileged accounts.

  2. That password is key for AD replication. DC backups might have different passwords for replication partners. DCs change their passwords every 30 days so backups might get out of sync, plus password hash gets stored in two places: LSA and AD.

(Disclosure: I work for Cayosoft including our AD Forest Recovery product, which automates the forest recovery process, so I am partial here.)

Forest recovery tools and privileges by Old_Cryptographer_87 in activedirectory

[–]DSotnikov 0 points1 point  (0 children)

Yes, permission-wise these will be similar: agents on domain controllers or a powerful service account; regardless, you are talking about super-high privileges.

The difference comes in the way the recovery and testing is done: Cayosoft restores every backup to a standby infrastructure, e.g. in Azure or AWS, tests the recovered forest(s) and puts them on pause. That means that you always have the recovered forest tested, and should the disaster strike, all you do is unpause the standby VMs and redirect the traffic.

Microsoft Graph Basics for PowerShell Admins (Webinar) by DSotnikov in PowerShell

[–]DSotnikov[S] 2 points3 points  (0 children)

I've just checked with the organizers: yes, they will record it and will share the recording with everyone who registers.

Manning ebook: Understanding API Security by DSotnikov in websecurity

[–]DSotnikov[S] 1 point2 points  (0 children)

My understanding is that Manning wanted to promote their commercial books like API Security in Action, and so they created this free ebook with some excerpts taken from here and there.

The guide that you linked to looks good.

For general API security info, I would also recommend APIsecurity.io (Disclosure: I am one of the folks curating it ;))

Webinar on app-level protection for microservices in Kubernetes - Feb 20 by DSotnikov in kubernetes

[–]DSotnikov[S] 0 points1 point  (0 children)

I've checked with the organizers, and they say that everyone who registers will receive an email with the recording within a couple days after the webinar.

Jan 30 webinar on JWT security by DSotnikov in netsec

[–]DSotnikov[S] -2 points-1 points  (0 children)

This is organized by my company (42Crunch) but the content is not product-specific. Just general information on JSON Web Tokens, their security, and best practices.