Safeguard privileged local accounts on Azure AD joined and on premises AD joined Windows computers from being compromised and reduce the chances of Pass-the-Hast (PtH) attacks.
PtH attacks are becoming common. Microsoft wants organizations to assume that a breach has already occurred in order to highlight the need for a more mature defense. In most organizations, the Local Administrator Password is shared among many administrators, which raises several concerns by IT Security Auditors.
With Synergix Secrets Vault software, Local Administrator, Alternate Administrator and a restricted Local User Account passwords are system generated and stored securely in Azure in encrypted form. Passwords are validated regularly and reset to maintain the integrity. The password vault is infallible to the extend of Azure Infrastructure. Only designated administrators, enabled with MFA, are allowed to retrieve and decrypt the password strings.