May 10, 2024
MITRE & ANSSI SUPPORTED
290
CHECKS
CIS/NIST
SUPPORTED
PERMISSIONS
ANALYZER
AD ISSUES
FIXER
AD GPO
ANALYZER
DC HEALTH
CHECKER
ASSESSMENT
SCHEDULER
It’s crucial to carry out an advanced assessment before purchasing any monitoring software for Microsoft Active Directory to make sure the tool can keep an eye on all the problems the assessment tool finds—something the SmartProfiler for Active Directory does! Not every assessment tool examines every facet of Active Directory environments. SmartProfiler is designed to uncover issues in On-Premises Active Directory.
Active Directory is a primary source for Authentication and Authorization for users and business applications. Microsoft doesn’t provide out of the box tools that can be used to perform health & risk assessment of Active Directory environment. SmartProfiler AD-OnPrem Security Tool can be used to perform Active Directory assessment for multiple AD forests and provide an assessment report which includes issues and recommendations to fix the issues.
Health Check involves evaluating the tool's capability to perform health checks on various components. For Active Directory, this may include assessing the KCC component, DNS, domain controllers, replication, active directory site coverage, partition backup, inconsistent states of domain controllers, orphaned domain controllers, undefined subnets, and DCDiag tests, among others.
Misconfiguration entails the tool's ability to identify and report misconfiguration items. In the context of Active Directory, this may cover aspects such as undefined subnets, AD Site Links, replication topology, time synchronization, Fine-Grained Password Policy (FGPP) parameters, Domain Account Policy parameters, manual bridgehead servers, DNS static records and more.
Security and Risk assessment involves evaluating whether the tool can perform a comprehensive analysis of security vulnerabilities and risks. Specifically for Active Directory, this may include examining LAN Manager Hashes, SMB Signing, LDAP Signing, NT4Crypto, accounts with blank passwords, accounts using SPNs, unauthenticated domain controllers, and numerous other tests.
Performance assessment focuses on the tool's ability to evaluate component performance. In the case of Active Directory, the primary focus is on domain controllers. It is important to monitor KCC and LDAP performance, as they heavily influence domain controllers' functionality, depending on the size of the environment.
Non-Compliance evaluation involves checking for non-compliant items. For Active Directory, although the number of such items may be limited, the tool should at least highlight the privileged users added in the past 10 days. It should also assist in closely monitoring admin and user activities and facilitating recovery from security incidents.
Know if your Active Directory environment follow all recommendations highlighted by MITRE & ANSSI and CIS/NIST.
SmartProfiler for Active Directory offers additional tests apart from tests offered by MITRE and ANSSI organizations. It is worth noting that SmartProfiler provides a more comprehensive set of tests than the MITRE and ANSSI organizations, offering a total of 290 tests across all relevant categories. While the MITRE and ANSSI provides only 87 tests, SmartProfiler’s additional tests are specifically designed by our Active Directory Experts to ensure that every aspect of Active Directory environment is covered.
In SmartProfiler for Active Directory dashboard you can see all issues that have been identified during the assessment.
In addition to performing security and health assessment of your Active Directory, SmartProfiler for Active Directory also provides vendor links for each test so you can learn more about each test’s importance and the reasons you should check your environments against vendor recommendations.
SmartProfiler for Active Directory ships with AD Issues Fixer. You can fix low, high and medium issues with a mouse click and follow the on-screen steps to resolve an issue. The AD Issues Fixer can also be used to export the PowerShell script with affected objects to fix the issues. This way you have an opportunity to review the Fix Script before running it.
With SmartProfiler you can quickly check if a particular GPO Setting or set of GPO Settings are configured in Active Directory Domains or not.
SmartProfiler comes with NIST/CIS Analyzer which can be used to analyze security settings recommended by organizations such as NIST and CIS. Currently, SmartProfiler supports: CIS_Microsoft_Windows_Server_2022_Benchmark_v2.0.0 and other templates for Windows Server 2019, Windows Server 2016 and Windows Server 2012 R2 CIS Security Configuration to be checked on Domain Controllers and Member Servers.
SmartProfiler for Active Directory now enables you to analyze Tier 0 Objects and OU Permissions and fix them. The feature is available as a module and can be used once the license is purchased for AD OU Permissions Analyzer & Fixer.
With Domain Controllers Security Analyzer you can see security status of each domain controller in the Active Directory forest and ensure all domain controllers are not operating with any security risk.
When running Active Directory assessments, the each execution collects data in a separate Assessment Run. For example, you can run first Assessment Run before fixing issues and Second Assessment Run after fixing all issues. Once done you can compare these Assessment Runs using Compare Assessments in SmartProfiler.
With SmartProfiler for Active Directory now you can create your own Active Directory query targeting AD Domains and show the result in SmartProfiler console.
With Active Directory Real-Time Monitoring in SmartProfiler, you can monitor single or all AD Domains in an AD Forest ensuring all risks are captured and notified via email.
SmartProfiler checks all important components in Active Directory. Here’s a list of categories.
If you have made the decision to conduct an Active Directory Security Assessment for your production AD Forests, it is crucial to recognize the potential security threats that may exist within your Active Directory environment. However, neglecting to address health and configuration issues poses a significant security risk. In this article, we will explore the importance of performing a “complete” Active Directory assessment, in addition to recommended security tests by organizations such as MITRE and ANSSI.
Learn MoreHere’s the list of frequently asked questions we have put together for each of our products and services. In case you still have any questions or require support on our products please feel free to connect with us using the contact us form or by sending an email to Support@Microsoft-Assessment.com.
No. SmartProfiler is a ready-only assessment. SmartProfiler Assessment collects data from target tenants and then analyze the data.
No. SmartProfiler collects information in CSV files stored on SmartProfler computer.
It depends on the Assessment Technology as listed below: For Office 365 Assessment 1-2 hours to complete assessment For Active Directory 5 hours. However, it depends on how big the Active Directory environment is. For Azure Virtual Desktop 1-2 hours For Azure 1-2 hours.
SmartProfiler generates reports in Microsoft Word format. However, you can edit Impact and Recommendations for each test before generating the report.
ince report is generated in Microsoft Word format, you can brand these reports.
If you’re really looking for an Active Directory security assessment tool, download SmartProfiler and perform an assessment. This will assist you in identifying security, health, and configuration problems.
The health and misconfiguration assessment feature of SmartProfiler can be very useful in demonstrating that your environment does not use Microsoft’s suggested settings.
The best feature of SmartProfiler is that it can perform the assessment without a Global Admin account and without needing the registration of an Azure AD application. Because it only required a Global Reader Account, we were able to use the tool effectively for our clients and clients could allow us to conduct the assessment!
SmartProfiler's advanced assessment parameters really gives you insights about your Active Directory environment and make sure every risk is mitigated.