Active Directory-, Azure- & Windows OS Platform Security Services

In the space of Active Directory, Azure and Windows OS platform security, we provide a wide range of security services from Active Directory assessments to highly individual analysis projects based on specific customer questions and requirements for selected Microsoft products.


Active Directory Security Audit

We assess the current security state of an Active Directory environment compared to industry standards and security best practices with tools developed inhouse as well as publicly available and well-known security software. Thereby, we focus on technical configuration issues as well as on operational and organizational issues. We provide a fully-fledged audit report with a management summary, detailed finding descriptions and finding ratings together with prioritized and reasonable mitigation recommendations.

Active Directory Pentest

We test and highlight the security posture of an Active Directory environment as ethical hackers by means of a skilled and motivated attacker with tools developed inhouse as well as publicly available and well-known security software. We identify attack paths and perform lateral movement and privilege escalations in any kind of customer-defined setting and attack scenario (black box, grey box, white box pentest from considerate/stealthy to aggressive). We provide a fully-fledged pentest report with a management summary, detailed finding descriptions and finding/vulnerability ratings together with prioritized and reasonable mitigation recommendations.

Azure Security Assessment

We assess the implementation of specific Azure and Microsoft 365 Software-as-a-Service (SaaS) services compared to industry standards and security best practices. Here, we focus on implemented authorization and permission concepts, management of security principals, technical configurations that are under the control of the customer as well as well as potential privilege escalation paths. We provide a fully-fledged audit report with a management summary, detailed finding descriptions and finding ratings together with prioritized and reasonable mitigation recommendations.

Windows OS Platform Security Services

In the context of the SiSyPHuS Win10 study for the Federal Office for Information Security (BSI) we deepened our Windows OS know-how and published deep technical content about security relevant components and functions of the Windows 10 OS. We perform Windows OS platform security assessment such as:

  • Windows OS audit: evaluation of the current security state of a given Windows system compared to industry standards and security best practices
  • Windows pentest: test of the security posture of a given Windows system by means of a skilled and motivated attacker
  • Security analysis or assessments of specific Windows-based usage scenarios such as:
    • Security analysis of embedded or medical Windows systems
    • Security assessments of golden images of Windows servers or Windows clients
    • Security assessments of Privileged Access Workstations (PAW)
Security Consulting

We provide a wide range of consulting services in the space of Active Directory, Azure and Windows OS platform security. Apart from specific customer requirements that we satisfy, our bestsellers in the consulting space are:

  • Design and implementation of the Admin Tier Model in Active Directory
  • Hardening of Azure and hybrid Active Directory environments
  • Identification and mitigation of attack paths in Active Directory and Azure AD
  • Hardening of Windows servers and clients
  • Design and configuration of Privileged Access Workstations (PAW)
Security Concept Reviews

We frequently review security concepts of Active Directory and Azure environments as well as security concepts for specific components or aspects of Microsoft-based environments, such as concepts for MFA, Windows PKIs, AD FS servers, or AppLocker and Windows Defender Application Control.

Hardening Guidelines

We develop and create hardening guidelines for our customers in the space of Active Directory, Azure and Windows OS platform security. In the context of the SiSyPHuS Win10 study for the Federal Office for Information Security (BSI) we published a comprehensive hardening guide as well as an extensive logging guideline, both for Windows 10.

Trainings and Webinars

Currently, we provide the following security trainings in the space of Active Directory, Azure and Windows OS platform security:

  • Hardening Microsoft Environments
  • Incident Analysis
  • Analysis of Malware by Reverse Engineering

These trainings can be booked:

  • as an inhouse or closed company online training: please contact us
  • as a public online training: please contact our marketing partner HM Training Solutions

Heise Security provides the following webinars about Active Directory security with ERNWs Active Directory specialists. These webinars are available at: