Securing the Microsoft Active Directory (AD) identity store is the major step in protecting an organization from modern attacks, including ransomware, supply chain threats and account takeover. A common thread that connects most of the recently publicized potential breaches is the compromise of credentials whose authentication is governed by AD. The AD is one of the crown jewels in an organization, as it stores critical information such as users, groups, computers, applications, policies, contacts and, of course, the login credentials of the resources and applications that are being accessed. First released in 1999, AD is undoubtedly legacy technology; nonetheless, it is still the de facto identity infrastructure within most modern companies. With over 90% of Fortune 1000 companies using AD,1 it isn’t surprising to see this directory service being targeted by adversaries — making it a renewed priority for security teams to protect this crown jewel asset.