Securing Privileged Identities
Joseph Dadzie, Principal PM Manager, Microsoft
James Cowling, CTO, Oxford Computer Group
2016 Redmond Summit | Identity Without Boundaries
May 26, 2016

Administrator privileges will be compromised: social engineering, bribery, private initiative.
50 years ago we gave the administrator the keys to the kingdom; we can’t just take it away.
All the commonplace attacks exploit privileged accounts:
  Stolen admin credentials
  Insiders
  Malicious service provider staff

Capability and time needed
Result = limited in time & capability
Secure Privileged Access: On-Premises MIM 2016 PAM
PAM Demo: Microsoft Identity Manager 2016
Complete list of cmdlets at:
Azure AD Privileged Identity Management
Demo: Azure AD Privileged Identity Management

Data from a Preview Customer:
  Global adoption (over 40 countries)
  Increasing customer usage (weekly)

Upcoming Update: Microsoft Identity Manager 2016
  JIT groups for Priv domain
  PAM PowerShell Deployment
  Requests and approvals with Exchange Online
  Customer Reported Bug Fixes
  Hardened Security
  Updated Platform Support
  Cross Browser Support
Thank you!
Just In Time Administration Compliance Mapping

JIT Security and Compliance Capability, mapped to ISO 27001: 2013, PCI DSS 3.1, and FedRAMP; NIST Revision 4

Capability: Controlling Logical Access Privileges and Implementing Least Privilege Access

  ISO 27001: 2013
    A.9.1 – Business requirement of access control
    A – Access to networks and network services
    A – User access provisioning
    A – Management of privileged access rights
    A – Information access restriction
    A – Access control to program source code

  PCI DSS 3.1
    7.1 – System components and cardholder data access restricted to job-based needs
    – User ID access based on least privileges
    – Assigning access to job function and classification
    – Documented approval of access privileges
    – Assigning privileges to job function and classification
    – Default “deny-all” setting
    – Administer user accounts
    – Monitor and control all access to data

  FedRAMP; NIST Revision 4
    AC-2 – Account Management
    AC-3 – Access Enforcement
    AC-6 – Least Privilege
    AC-6 (1) – Authorize Access to Security Functions
    AC-6 (2) – Non-Privileged Access for Non-Security Functions
    AC-6 (5) – Privileged Accounts
    AU-9 (4) – Audit Access by Subset of Privileged Users
    CM-5 – Access Restrictions for Change
    CM-5 (1) – Automated Access Enforcement
    CM-5 (5) – Limit Production / Operational Privileges

Capability: Access Logging / Monitoring / Auditing

  ISO 27001: 2013
    A – Event logging
    A – Administrator and operator logs

  PCI DSS 3.1
    – Logging actions by root privileges individual
    – User changes logging

  FedRAMP; NIST Revision 4
    AC-2 – Account Management
    AC-2 (4) – Automated Audit Actions
    AC-2 (12) – Account Monitoring
    AC-6 (9) – Auditing Use of Privileged Functions
    AU-2 – Audit Events
    AU-12 – Audit Generation
    CM-5 (1) – Automated Access Enforcement