Red Forest

We utilize the Microsoft ESAE/Red Forest in my production environment for our Active Directory security hardening. What is this? Well, it’s the path of least privilege in Active Directory. According to this Microsoft article, the underlying principles can be achieved in as few as 3 concepts summarized below: Phase 1 of the roadmap is focused on quickly mitigating the most frequently used attack techniques of credential theft and abuse. Phase 1 is designed to be implemented in approximately 30 days and is depicted in this diagram: