Configures Microsoft ESAE Active Directory tiered admin model with Tier 0/1/2 separation, PAW workstations, management forests, authentication silos, and credential theft mitigations. For securing enterprise identity environments.
npx claudepluginhub killvxk/cybersecurity-skills-zhThis skill uses the workspace's default tool permissions.
实施 Microsoft 增强安全管理环境(ESAE)Active Directory 分层管理模型,涵盖 Tier 0/1/2 分隔、特权访问工作站(Privileged Access Workstation,PAW)、管理林设计、认证策略孤岛和凭据盗窃缓解措施。
Implements Microsoft's ESAE tiered administration model for Active Directory, covering Tier 0/1/2 separation, PAWs, administrative forests, authentication silos, and credential theft mitigation.
Implements Microsoft's ESAE tiered model for Active Directory with Tier 0/1/2 separation, PAWs, authentication silos, and credential theft mitigation. For securing AD environments.
Configures Microsoft Entra ID (Azure AD) conditional access policies for zero-trust access control, covering signal-based design, device compliance, risk-based auth, named locations, session controls, and NIST SP 1800-35 integration.
Share bugs, ideas, or general feedback.
实施 Microsoft 增强安全管理环境(ESAE)Active Directory 分层管理模型,涵盖 Tier 0/1/2 分隔、特权访问工作站(Privileged Access Workstation,PAW)、管理林设计、认证策略孤岛和凭据盗窃缓解措施。
| 控制项 | NIST 800-53 | 描述 |
|---|---|---|
| 账户管理 | AC-2 | 生命周期管理 |
| 访问执行 | AC-3 | 基于策略的访问控制 |
| 最小权限 | AC-6 | 最小必要权限 |
| 审计日志 | AU-3 | 认证和访问事件 |
| 身份标识 | IA-2 | 用户和服务标识 |