
Trimarc Service Improvements
Last year, our Trimarc services, including the Active Directory Security Assessment (ADSA) and Microsoft Cloud Security Assessment (MCSA), underwent significant upgrades that have been in the works for some time. Looking ahead to 2025, we have exciting plans to further enhance our offerings. With each assessment, we continuously refine our services by incorporating the insights and nuances identified in previous engagements, ensuring ongoing improvement and actionable remediations. Moreover, it’s essential for us to stay informed about emerging threat actor techniques and attack vectors and ensure these data points are reflected in our services.
First, our entire ADSA report structure has been revamped. Acting on input from customers, as well as Trimarc’s own assessment leads, the new Trimarc ADSA report document has been streamlined and expanded at the same time. In particular, findings that do not have clear security implications have been eliminated from the report, and findings that impact other findings have been grouped together. The result is a smoother reading experience for the customer and a more usable end product.
We continue to deepen the analysis provided in our Active Directory Certificate Services (AD CS) sections to highlight how multiple low-priority issues with AD CS can be combined to create high- or critical-priority issues in the overall AD forest. Later this year, we will be highlighting public key infrastructure configurations that may result in unexpected usability issues and novel paths to exploiting the AD CS environment.
As for the MCSA, with so much constant change in the Entra ID landscape, it’s hard to keep up with everything. That’s why Trimarc takes a customer-centric approach. Our MCSA already provides a thorough analysis of the Microsoft Entra ID and Microsoft 365 environments, but we’re always looking for improvement. Last year, our customers asked for a more robust evaluation of Conditional Access policies (CAP), and we delivered. Our previous assessment reported on 4 CAP best practices. Today, our assessment looks at 12 different recommendations, including a deep dive into CAP inclusions and exclusions to identify users and applications that may be inadequately protected.
The MCSA has always provided an industry-leading review of highly privileged users and applications, but last year we expanded and improved those checks. Permissions are now categorized into Trimarc Levels – a classification system comparable to the Microsoft tiering model. Separating permissions into levels has helped our customers prioritize findings by highlighting remediation efforts with the largest impact.
This year’s MCSA will start including a more thorough report of applications. Focusing on the Trimarc Levels, the report will better identify applications with elevated tenant permissions (including dangerous ownership) and evaluate risky deployment of certificates & secrets to go beyond what’s visible in the administration console.
Customers regularly ask us to help decide where to start with their remediation efforts. While we’ve always provided an approximate Level of Effort with each remediation item, in 2025 we are introducing a rapid action plan that highlights and prioritizes the security configurations that need to be addressed first. This will include the most significant findings in the environment and customized code snippets to help resolve the identified problems (where possible). The decision to add this action plan and customized guidance has been heavily influenced by our soon-to-be-released SaaS product, Vision. While our services have always provided remediation guidance, Vision provides more customized guidance. We can’t let the new pup upstage the old dogs, can we?