Beyond 90 Days

The beyond 90 days

ESAE Phase 3 Outline

The third and final phase of the ESAE framework shifts you, the defender, to a more proactive security stance. Some of these steps are intensive and create a large amount of administrative overhead. It is a best practice to completely deploy these steps, but depending on the size of the organization and the risk appetite of an organization, completing these steps is not cost-effective..
  • Modernize Roles and Delegation Model (Microsoft’s Tiered Delegation)
  • SmartCard or Passport Authentication for all domain administrators
  • Admin forest for Active Directory Administrators (Red Forest)
  • Code Integrity Policy for DCs
  • Shielded VMs for Virtual DCs

Steps to begin ESAE Phase3

← What is an administrative account
LAPS: Install and Configure →