<ciso brief/>
Tag Banner

All news with #aws managed microsoft ad tag

all tags →

Mon, July 28, 2025

Automate Disabling AD Users from GuardDuty Findings

#AWS #AWS EC2 #AWS EventBridge #AWS GuardDuty #AWS IAM #AWS Managed Microsoft AD #AWS Secrets Manager #AWS Step Functions #AWS Systems Manager

🔐 This AWS Security Blog post explains how to use Amazon GuardDuty to detect suspicious activity and automatically disable accounts in AWS Managed Microsoft AD. It walks through deploying a managed directory and a directory-administration EC2 instance, configuring AWS Systems Manager Run Command documents, and orchestrating those actions with AWS Step Functions triggered by Amazon EventBridge. The guide includes required permissions, testing steps using GuardDuty’s test domains, and notes on extending the automation to reset passwords or send notifications.

read more →