Today’s senior executives rely on information technology organizations to help their business execute on strategies and improve their operations.

As the bedrock for the corporate directory and identity, the Active Directory plays a critical role in this IT environment, by providing access control for servers and applications.

At the same time, the threat of compromise to IT infrastructures from external attacks is rapidly growing and evolving in both scope and sophistication. The motivations behind these attacks range from “hacktivism” (attacks influenced by activist positions) to theft of intellectual property – and the Active Directory environment is not immune from being targeted for compromise.

Against this backdrop and to help enterprises protect their Active Directory environments, Microsoft IT released a detailed technical reference document, “Best Practices for Securing Active Directory.”

The key tenets of this document are four interrelated strategies Microsoft IT recommends to protect a typical Active Directory environment, including:

  • Identifying vulnerabilities
  • Reducing attack surface
  • Monitoring for indicators of compromise
  • Developing a long-term security plan

The methods we discuss in the document are largely based on Microsoft’s Information Security and Risk Management (ISRM) organization’s experience, which is accountable for protecting the assets of Microsoft IT, other Microsoft Business Divisions, and advising a selected number of Microsoft’s Global 500 customers.

As we strive towards enabling our customers in making their IT environment secure and reliable, we hope that you will find this guidance useful and enlightening.

You can download the technical reference document from the IT Showcase site, and I encourage you to provide us feedback by sending us email at

Bret Arsenault
Chief Information Security Officer