PIM part 2

What a way to start of the month with another Blog on Privilege Identity Management (PIM), great stuff! In my last blog on PIM here I talked about some of the features that are possible. In this blog I want to talk about whats inside, how does it look and feel. Let's start by the beginning.

PIM Starting

1. Activating PIM - to do this you should have Azure AD premium Plan 2! If you don't have this you can request a 30 day trial. Once you have that up and running the next step is to activate PIM.


3. There you go that wasn't very hard now? Let's continue by selecting the Role you want to define further. Click on "Global administrator" and click on Next.

4.You can now choose the people you want to make eligible for this role. Note: Eligible means this person only has this role for a period of time not permanent.

5. Click on Next to see the last screen and to confirm by clicking Ok. Your all done now.

So now you enter the PIM environment. There is already a new look & feel in the Azure portal so click on Try the new navigation to checkout the new look & feel.


The new look & feel looks like this.

Here on this site you direct view on a few things like:


  1. How much percent of the roles are eligible and how many are not
  2. The alerts you can configure this by clicking on Settings > Alerts.  
  3. Audit history is a cool one, you get to see how much has been times the request for a role has been activated

Audit History


How many activations are happening per day and who is activating his or her role. The reasoning is also visible here. To retract users from their role however you should go to Review access not here. 

Role settings

You can define certain settings per role. Click on the role in the Managed > Azure AD Roles and then on Settings to enable certain features for that specific role. 
  1. Maximum of time that the role is activated (from 0.5 hours till 72 hours)
  2. Notifications - notify the administrator if this role has been activated
  3. Incident/request ticket - A nice way to make sure it clear that the role has been activated for a certain job someone had to do
  4. MFA - This is enabled by default for Admin roles
  5. Require approval - it could be that a role request needs to be approved, this can be enabled here.

Conclusion

So many awesome things to see here. For a fully secured environment this is the way to go. Prevent admin accounts being active forever, use Privileged Identity Management!

Comments

Post a Comment

Popular posts from this blog

Azure Information Protection (AIP)

Image
Let's start with one of my favorites (till now). Azure Information Protection (or AIP). Just imagine the following example: You are working on your Word document and you want to send this document to an external person. You e-mail that document as an attachment. The person opens this document, reads it and puts it on an USB stick to take with him. The USB stick get's lost! Now the document can have fallen into the wrong hands! Now what? OK this is a little bit of a roman but hey it could happen! Active Director Rights Management  First let us go back in time to when AIP didn't exist and there was  Active Directory Rights Management Services .  This was a server role that could be installed on Windows Server 2008 R2, it exists since Windows server 2003! Back then it was called RMS. The RMS client is available  from Windows 2000 and later. So what does RMS do? To explain in simple English: Information with RMS on it has certain policies with it  that ...
Read more

Tiles modern UI

Image
Back in SharePoint 2013 Microsoft introduced "Promoted links" a feature which enabled users to create tiles quick and easy without any custom code. Since then I've seen Promoted links being used a lot of ways, some better than others. However creating tiles with an image in the background was always a nasty thing to do. People would use the weirdest images as background to indicate what it was, totally not user friendly. Especially the choice of the color was very "weird" you would have tiles with all sort of colors and images (see image below as an example). Promoted links always had one big problem; Scaling! It's not responsive in a way you would want to have it. Since Microsoft introduced Modern UI they have also introduced the webpart "tiles". Tiles enables the user to create custom tiles within their SharePoint site, quick and easy. Cool features of the Tiles webpart. Tiles are responsive! They resize when the screen gets smalle...
Read more

Azure Active Directory (AAD)

Image
In my last post I talked about Azure Information Protection (AIP). It was a way of getting a good sense of security in the Cloud. Today I want to talk about a very important feature in Azure: Azure Active Directory (AAD). AAD is a good place to start with security. Users that are allowed or prevented from logging in is your first line of defense. In preview AAD is not something radically new. Microsoft created the Management portal om the new Azure Portal to make it look and feel like the new portal. At this moment the most users will have to use the old portal for AAD but once the new management portal is out of preview we are good to go! What has changed? So who cares? It's a new Mangement portal for AAD. To be honest nothing has really changed, Microsoft just changed the look & feel of the new portal. 3 versions There are 3 versions of the AAD: Free, Basis and Premium. See the link below to decide what versions of AAD you need. Overview AAD subscriptions F...
Read more