Modern Workplace (Intune)

The modern workplace is mobile and flexible. Laptops must function securely worldwide without requiring constant physical contact with the corporate network.

Your Strategy

Rely on cloud-native management with Microsoft Intune. Enforce compliance policies: access to company data is granted only if the device is encrypted, the firewall is active, and all patches are installed.

Best Practices

  • Autopilot: Automate the setup of new devices without manual IT intervention.
  • Compliance: Use "Conditional Access" to immediately block non-compliant devices.
  • Encryption: Enforce BitLocker / FileVault on all devices.

STRIDE-LM Design Risks

Spoofing (S-01)

Identity Spoofing

Attacker impersonates a legitimate user or partner.

Tampering (T-01)

Data Tampering

Unauthorized modification of shared data or configurations.

Repudiation (R-01)

Audit Log Manipulation

Deleting or altering traces of an action.

Information Disclosure (I-01)

Sensitive Data Exposure

Unintentional disclosure of internal information to externals.

Denial of Service (D-01)

Resource Exhaustion

Overloading systems through massive requests or resource hogging.

Elevation of Privilege (E-01)

Privilege Escalation

Gaining privileges beyond what is intended.

Lateral Movement (L-01)

Lateral Movement

Accessing further internal systems after initial login.

Monitoring Gaps (M-01)

Insufficient Logging

Missing or inadequate recording of security-relevant events.

MITRE ATT&CK® Techniques

Initial Access

T1078: Valid Accounts

Exploiting existing credentials for access.

Mitigated by

  • Endpoint Compliance (Intune) | Baseline Protection | Medium | CIS: 4.1, NIST: PR.AC-7
  • Conditional Access Policies | Baseline Protection | Medium | CIS: 6.1, NIST: PR.AC-7, OWASP: API2
  • FIDO2 Enforcement | Baseline Protection | Medium | CIS: 6.5, NIST: PR.AC-7, OWASP: A07:2021
  • MFA for Windows Sign-in | Extended Protection | Medium | CIS: 6.5, NIST: PR.AC-7
  • Least Privilege Principle | Baseline Protection | Medium | CIS: 6.2, NIST: PR.AC-6, OWASP: A01:2021
  • Regular Access Reviews | Baseline Protection | Low | CIS: 6.6, NIST: PR.AC-1, OWASP: A01:2021
  • Automated Offboarding Workflow | Baseline Protection | Medium | CIS: 6.7, NIST: PR.AC-2

T1566: Phishing

Delivering malicious content via electronic communication.

Mitigated by

  • Endpoint Compliance (Intune) | Baseline Protection | Medium | CIS: 4.1, NIST: PR.AC-7
  • Conditional Access Policies | Baseline Protection | Medium | CIS: 6.1, NIST: PR.AC-7, OWASP: API2
  • FIDO2 Enforcement | Baseline Protection | Medium | CIS: 6.5, NIST: PR.AC-7, OWASP: A07:2021

Persistence

T1098: Account Manipulation

Changing permissions or creating new accounts.

Mitigated by

  • Regular Access Reviews | Baseline Protection | Low | CIS: 6.6, NIST: PR.AC-1, OWASP: A01:2021
  • Automated Offboarding Workflow | Baseline Protection | Medium | CIS: 6.7, NIST: PR.AC-2

T1484: Domain Policy Modification

Modifying domain policies for privilege escalation.

Mitigated by

  • SIEM Integration | Extended Protection | High | CIS: 8.5, NIST: DE.AE-3, NIST: DE.CM-1, OWASP: A09:2021
  • Least Privilege Principle | Baseline Protection | Medium | CIS: 6.2, NIST: PR.AC-6, OWASP: A01:2021

Privilege Escalation

T1548: Abuse Elevation Control Mechanism

Bypassing mechanisms for privilege escalation (e.g., UAC).

Mitigated by

  • Endpoint Compliance (Intune) | Baseline Protection | Medium | CIS: 4.1, NIST: PR.AC-7
  • Least Privilege Principle | Baseline Protection | Medium | CIS: 6.2, NIST: PR.AC-6, OWASP: A01:2021

Defense Evasion

T1070: Indicator Removal

Deliberate deletion of logs and evidence to conceal an attack.

Mitigated by

  • Immutable Audit Logs | Extended Protection | Medium | CIS: 8.2, NIST: PR.PT-1

Credential Access

T1539: Steal Web Session Cookie

Capturing active session tokens to bypass authentication.

Mitigated by

  • Conditional Access Policies | Baseline Protection | Medium | CIS: 6.1, NIST: PR.AC-7, OWASP: API2
  • FIDO2 Enforcement | Baseline Protection | Medium | CIS: 6.5, NIST: PR.AC-7, OWASP: A07:2021

T1003: OS Credential Dumping

Extracting credentials from the operating system.

Mitigated by

  • Endpoint Compliance (Intune) | Baseline Protection | Medium | CIS: 4.1, NIST: PR.AC-7
  • MFA for Windows Sign-in | Extended Protection | Medium | CIS: 6.5, NIST: PR.AC-7

T1552: Credentials from Password Stores

Extracting passwords from web browsers or password managers.

Mitigated by

  • Automated Offboarding Workflow | Baseline Protection | Medium | CIS: 6.7, NIST: PR.AC-2

Lateral Movement

T1021: Remote Services

Use of legitimate remote services for lateral movement within the network.

Mitigated by

  • Regular Access Reviews | Baseline Protection | Low | CIS: 6.6, NIST: PR.AC-1, OWASP: A01:2021

Modern Workplace (Intune) | IT Security Checklist for SMEs · AYSOLI Security Hub