@Evil_Mog Not a dig on the teams behind AD at MSFT, nor on the IT and security teams who implement it. AD is simply an old, very robust, very complex product. AD probably has 1000 features. 99% of orgs need 1% of AD functionality: - secret + MFA = session - groups The rest is risk.

← @kwm Twitter archive

Keith

@kwm

@Evil_Mog Not a dig on the teams behind AD at MSFT, nor on the IT and security teams who implement it.

AD is simply an old, very robust, very complex product. AD probably has 1000 features.

99% of orgs need 1% of AD functionality:

- secret + MFA = session
- groups

The rest is risk.

1/6/2025, 10:24:44 AM

Favs: 5

Retweets: 1

link

Keith

@kwm

@Evil_Mog Also not attempting to split hairs between directory services vs. SSO provider vs. IAM vs. other AAA things. My point is that it's simply more than most orgs needs, and certainly more than they can stay atop of by way of processes, updates, auditing, testing, etc.

1/6/2025, 10:27:02 AM

Favs: 3

Retweets: 0

link