
Microsoft is much more than Windows though. Active Directory is still a terribly insecure mess that forms the backbone of most major companies. Beyond that, all of Windows still runs on unsalted NTLM hashes. NetNTLM and NetNTLMv2 are more secure salted hash types, but both use the original unsalted NTLM hash to form the NetNTLM/v2 hashes. That allows attackers to simply pass-the-hash to authenticate as domain/local Windows accounts without ever having to know the password.

I mean this very sincerely: The day Microsoft's products are actually secure is the day I'm out of a job.



To my knowledge the current best practice is to have all NTLM versions disabled and use Kerberos, which, surprise surprise, is also the backbone of Linux enterprise login...

AD is just a fancy interface to LDAP with Kerberos. Does that sound familiar in any way?
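An added example, not part of any comment in this thread: disabling NTLM in favour of Kerberos, as suggested above, first needs an inventory of what still authenticates with NTLM. This Python sketch tallies NTLM logons from Windows Security event 4624 records; the JSON-lines export format and every host, account and address in the sample are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample: Security event 4624 (successful logon) records, one JSON
# object per line. The export format, hosts, accounts and IPs are made up.
SAMPLE = """
{"EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","LmPackageName":"NTLM V2","TargetUserName":"svc-backup","WorkstationName":"APP01","IpAddress":"10.0.5.21"}
{"EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","LmPackageName":"NTLM V2","TargetUserName":"svc-backup","WorkstationName":"APP01","IpAddress":"10.0.5.21"}
{"EventID":4624,"LogonType":3,"AuthenticationPackageName":"Kerberos","LmPackageName":"-","TargetUserName":"alice","WorkstationName":"-","IpAddress":"10.0.7.14"}
{"EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","LmPackageName":"NTLM V1","TargetUserName":"scanner","WorkstationName":"PRN07","IpAddress":"10.0.9.3"}
{"EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","LmPackageName":"NTLM V1","TargetUserName":"ANONYMOUS LOGON","WorkstationName":"","IpAddress":"10.0.9.40"}
"""

def ntlm_logons(text):
    """Yield 4624 events that authenticated with NTLM instead of Kerberos."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 4624 or ev.get("AuthenticationPackageName") != "NTLM":
            continue
        if ev.get("TargetUserName") == "ANONYMOUS LOGON":
            continue  # anonymous sessions are noise for this inventory
        yield ev

def source_of(ev):
    """Prefer the workstation name; fall back to the IP when it is blank or '-'."""
    name = ev.get("WorkstationName") or "-"
    return name if name != "-" else ev.get("IpAddress", "-")

def summarize(text):
    """Count NTLM logons per (account, source, NTLM version)."""
    counts = Counter()
    for ev in ntlm_logons(text):
        counts[(ev["TargetUserName"], source_of(ev), ev.get("LmPackageName", "-"))] += 1
    return counts

def ntlmv1_sources(text):
    """Sources still negotiating NTLMv1, the first candidates to remediate."""
    return sorted({source_of(ev) for ev in ntlm_logons(text)
                   if ev.get("LmPackageName") == "NTLM V1"})

if __name__ == "__main__":
    for (user, src, version), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {user:12s} {src:8s} {version}")
    print("NTLMv1 still in use from:", ntlmv1_sources(SAMPLE))
```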


This is true, but going away rapidly and being replaced by Entra ID (formerly Azure Active Directory).

The big difference is that a breach of any single Entra ID connected service doesn’t give attackers widespread access to unrelated systems sharing the same tenant. For comparison, once you’ve got a foothold on an Active Directory domain member, it’s surprisingly easy to move horizontally to the rest of the network.



