The First 90 Days

The first 90 days

ESAE Phase 2 Outline

The items listed in this phase are very important and high impact. However, completing these steps takes longer than phase 1. The steps in this phase take a bit of planning and often change controls or change management needs to be involved.
  • Deploy Privileged Access Workstations for all admins
  • Time-bound privileges (PAM, no permanent admins)
  • Multi-factor for elevation
  • Just enough administration
  • Lower attack surface of domain and DCs
  • Attack Detection

Steps to begin ESAE Phase2

← Start With the AWS Root Account
What is an administrative account →