
Identity Driven Security



Presentation on theme: "Identity Driven Security"— Presentation transcript:

1 Identity Driven Security
Privileged Identity Management
With Azure AD Privileged Identity Management, you can manage, control, and monitor access within your organization. This includes access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune. This demo shows how a Global Administrator can grant a super user elevated access for a limited period.
The Azure AD Privileged Identity Management console in the Azure Portal provides important information such as:
- Alerts that point out opportunities to improve security
- The number of users assigned to each privileged role
- The number of eligible and permanent admins
- Ongoing access reviews
CLICK STEP(S) Click anywhere on the slide to begin

2 CLICK STEP(S) Click on the Azure AD Privileged Identity Management tile.

3 CLICK STEP(S) Click Manage privileged roles.

4 Point out: Alerts and Role Summary.
Contoso has a number of permanent Global Admins. They have full access and control over the directory and the Office 365 tenant all the time. That leaves Contoso exposed to attack at all times. With Privileged Identity Management, Contoso can decide who should have permanent access and who should just have temporary access when required.
CLICK STEP(S) Under Role summary, click the Global Administrator role.

5 Isaiah does not need permanent admin access so the admin sets him to eligible.
CLICK STEP(S) In the Global Administrator blade, click Isaiah Langer.

6 Eligible admins are users that need privileged access now and then, but not every day. The role is inactive until Isaiah needs access; he then completes an activation process and becomes an active admin for a predetermined amount of time.
CLICK STEP(S) On the right, click Make eligible.

7 CLICK STEP(S) Click the X to close the notification.

8 CLICK STEP(S) On the Global Administrator top navigation bar, click Settings.

9 Point out: Maximum Activation duration slider.
The admin can also configure the nature of the admin's access: how long it lasts, whether notifications are sent, and whether additional authentication is needed. Note that for certain highly privileged roles, MFA is always enabled.
CLICK STEP(S) Under the Notifications section, click Enable.

10 CLICK STEP(S) Click Save.

11 Now that Isaiah is eligible to activate administrative rights, let’s see what the experience looks like for him.
CLICK STEP(S) In the upper right corner of the browsing session, click the minimize button.

12 When Isaiah is made eligible, he receives a notification that he can now activate a privileged role. Here you can see the invitation that Isaiah received when he was made eligible. When he needs higher privileges for a specific task, he can go to Privileged Identity Management in the Azure portal and request activation for the role.
CLICK STEP(S) On the right of the message, click the scroll bar to scroll down.

13 CLICK STEP(S) In the , click on the Azure Portal link. Click on the Azure Portal link in the .

14 As MFA is required for the Global Administrator role which Isaiah is eligible for, he would be prompted to set up verification of his identity using Multi-Factor Authentication if he has not already configured it.
CLICK STEP(S) Click the Privileged Identity Management tile.

15 Isaiah can now activate the request.
CLICK STEP(S) Click Global Administrator.

16 CLICK STEP(S) In the top navigation, click Activate.

17 Isaiah has to provide a business justification, which is logged for auditing.
CLICK STEP(S) Click in the Reason for role activation text box.

18 CLICK STEP(S) Click OK.

19 Isaiah is auto-approved for the requested access with an expiration time configured for that role.
CLICK STEP(S) Click Activate my roles.

20 Point out: Access valid till on the Global Administrator tile.
Now that Isaiah has activated the role, let’s see how this is reflected in the Audit History.
CLICK STEP(S) In the upper right corner of the browsing session, click the minimize button.

21 Back in our global administrator's portal, we can track the changes in privileged role assignments and role activation history.
CLICK STEP(S) On the Manage privileged roles blade, click Audit history.

22 Point out: the business justification entered above, which is displayed in the Reasoning column.
The admin can see Isaiah requested access as a Global Administrator and the reasoning given. This information can be critical for auditing and forensic investigations.
Closing remarks:
With Azure Active Directory Privileged Identity Management, you can manage, control, and monitor access within your organization. This includes access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune.
Organizations want to minimize the number of people who have access to secure information or resources, because that reduces the chance of a malicious user getting that access. However, users still need to carry out privileged operations in Azure, Office 365, or SaaS apps. Organizations give users privileged access in Azure AD without monitoring what those users are doing with their admin privileges. Azure AD Privileged Identity Management helps to resolve this risk.
Azure AD Privileged Identity Management helps you:
- See which users are Azure AD administrators
- Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune
- Get reports about administrator access history and changes in administrator assignments
- Get alerts about access to a privileged role
CLICK STEP(S) Click anywhere on the slide to end the presentation.
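As an added example (not part of the original presentation and not Microsoft tooling), the following Python reviews role assignments and activation history for the conditions the demo points out: too many permanent admins, activations longer than the maximum duration, missing business justification, and activation without MFA. The record fields, policy values, dates, and every user name other than Isaiah Langer are constructed assumptions, not a PIM export format.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed records; the field names are assumptions, not a PIM export schema.
ASSIGNMENTS = [
    {"user": "global.admin", "role": "Global Administrator", "state": "permanent"},
    {"user": "legacy.admin", "role": "Global Administrator", "state": "permanent"},
    {"user": "isaiah.langer", "role": "Global Administrator", "state": "eligible"},
]
ACTIVATIONS = [
    {"user": "isaiah.langer", "role": "Global Administrator", "mfa": True,
     "start": "2024-05-01T09:00", "end": "2024-05-01T10:00", "reason": "Reset a locked account"},
    {"user": "isaiah.langer", "role": "Global Administrator", "mfa": True,
     "start": "2024-05-02T09:00", "end": "2024-05-02T17:00", "reason": "   "},
    {"user": "temp.contractor", "role": "Global Administrator", "mfa": False,
     "start": "2024-05-03T09:00", "end": "2024-05-03T09:30", "reason": "Urgent fix"},
]
# Hypothetical policy: values an organisation would choose for itself.
POLICY = {"Global Administrator": {"max_hours": 1, "max_permanent": 1, "require_mfa": True}}

def review(assignments, activations, policy):
    """Return sorted (finding, subject, role) tuples for records that break policy."""
    findings = []
    # Standing access: count permanent holders per role against the allowed number.
    permanent = Counter(a["role"] for a in assignments if a["state"] == "permanent")
    for role, count in permanent.items():
        limit = policy.get(role, {}).get("max_permanent")
        if limit is not None and count > limit:
            findings.append(("too-many-permanent", f"{count} holders", role))
    # Activation history: each activation must map to an assignment and obey the role settings.
    allowed = {(a["user"], a["role"]) for a in assignments}
    for act in activations:
        rule = policy.get(act["role"], {})
        key = (act["user"], act["role"])
        length = datetime.fromisoformat(act["end"]) - datetime.fromisoformat(act["start"])
        if key not in allowed:
            findings.append(("not-assigned", *key))
        if "max_hours" in rule and length > timedelta(hours=rule["max_hours"]):
            findings.append(("over-max-duration", *key))
        if not act["reason"].strip():
            findings.append(("missing-justification", *key))
        if rule.get("require_mfa") and not act["mfa"]:
            findings.append(("activated-without-mfa", *key))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(ASSIGNMENTS, ACTIVATIONS, POLICY):
        print(finding)
```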

