The guidance within this section is equally applicable to all user accounts unless specified otherwise. This includes unprivileged user accounts and privileged user accounts, which includes break glass accounts and service accounts. In addition, the guidance is equally applicable to interactive authentication and non-interactive authentication.
Further information on implementing multi-factor authentication can be found in ASD’s Implementing multi-factor authentication publication.
Further information on event logging can be found in the ‘Event logging and monitoring’ section of the Guidelines for system monitoring.
Further information on randomly generating passphrases is available from the Electronic Frontier Foundation while a random dice roller is available from RANDOM.ORG.
Further information on how to secure group Managed Service Accounts in Microsoft Windows Server is available from Microsoft.
Further information on changing credentials for the Kerberos Key Distribution Center’s service account can be found in Microsoft’s Active Directory accounts and Active Directory Forest Recovery - Reset the krbtgt password publications. A script for changing credentials for this service account is also available from Microsoft.
Further information memory integrity functionality is available from Microsoft.
Further information on Local Security Authority protection functionality is available from Microsoft.
Further information on Credential Guard functionality and Remote Credential Guard functionality is available from Microsoft.
67 controls