Deploying Active Directory Honeytokens When to Use - When deploying deception-based detection in Active Directory environments - When detecting Kerberoasting attacks via fake SPN honeytokens (honeyroasting) - When creating tripwire accounts to detect credential theft and lateral movement - When building decoy GPOs to detect Group Policy Preference password harvesting - When creating deceptive BloodHound paths to misdirect and detect attackers - When supplementing existing AD monitoring with high-fidelity detection signals Prerequisites - Domain Admin or delegated AD administration privileges…