PAW deployment guide

After running the PAW TAP program on the solution explained in this blogpost, I received tons of interests and great feedback. While the team is investigating on a plan, a lot of customers are asking how they can deploy PAW in their datacenter. This blogpost is dedicated on this topic. To put the solution into…


Connect to Virtual Machines (VMs) on PAW

Continuing the PAW series, this blog post discusses the options to connect to the VMs running on the PAW device. In Windows, you can connect to a locally running VM using: VMConnect (basic mode or enhanced mode) RDP using mstsc.exe (classic RDP client) RDP using the Remote Desktop app from Store (modern RDP client) RDP…


Shielded VM local mode and HGS mode

With the new capability in Windows 10, version 1709, Windows Client can host shielded VMs while using remote Host Guardian Service (HGS) attestation. This caused some confusion as people stated they have already been running shielded VMs on client. This blog post is intended to clarify things and explain how to run them side by…


Building VM template using Assigned Access

Since it took me a couple of attempts to create VM templates for Azure portal management and Remote Desktop (in order to make them available for the TAP evaluation), I thought it best to share the process, so you can build your own customized image.  My goal is to create a PAW VM that offers…


Why use shielded VMs for your privileged access workstation (PAW) solution?

It’s great to see customers trying out PAWs and it’s generating a lot of great questions. Many questions are related to shielded VMs so I’d like to focus this blog post on sharing our reasoning for building the PAW solution on shielded VMs. Running virtual machines (VMs) on Windows client is not new, but running…


How to deploy a VM template for PAW

Continuing with the PAW series, after you followed the previous blog to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can create: Desktop VM: this is a standard VM, dedicated for user productivity workload. It is typically joined to your org production domain. You…


PAW host buildout

Continuing with the PAW series, in this blog post, I’d like to share the details of what we are planning to configure the host. I’d love to hear your thoughts, feedback about the design. For a recap on the PAW overall solution, you can find it in this blog post. The PAW host is designed…


Privileged Access Workstation(PAW)

At Ignite conference last month, Dean and I presented a session on PAW. Originally we were planning to just talk about the concept of PAW and how it is deployed in Microsoft. A week before the conference, we decide to share our early design based on the Windows 10 1709 release, so that we can…


Reduce the number of admins on your servers with Just Enough Administration

Least Privilege As part of your information security strategy, you are probably familiar with the principle of least privilege. The concept itself is simple — give your IT staff and end-users as few permissions as necessary to get their jobs done. This helps shrink your attack surface and limit exposure when attackers compromise user credentials through phishing, key logging, or…

0

Securing Privileged Access – A practical approach

Securing privileged access is a critical first step to establishing security assurances for business assets in a modern organization. The security of most or all business assets in an organization depends on the integrity of the privileged accounts that administer and manage IT systems. Cyber-attackers are targeting these accounts and other elements of privileged access…