Azure AD Identity Protection is a feature that analyzes more than 10TB of behavioral and contextual data to detect and block attempts to attack your company’s Azure AD accounts. You can read about this in a previous blog post here: https://spanougakis.wordpress.com/2016/09/13/azuread-identity-protection-now-gets-enhanced-federation-support-and-is-available-in-europe/
Another great feature is Azure AD Privileged Identity Management (PIM), which helps you:
- See which users are Azure AD administrators
- Enable on-demand, “just in time” administrative access to Microsoft Online Services like Office 365 and Intune
- Get reports about administrator access history and changes in administrator assignments
- Get alerts about access to a privileged role
Azure AD Privileged Identity Management can manage the built-in Azure AD organizational roles, including:
- Global Administrator
- Billing Administrator
- Service Administrator
- User Administrator
- Password Administrator
The new just-in-time administrator access feature works like this: instead of holding a role permanently, a user is made eligible for it. An eligible user has no administrative rights until they complete an activation process (which, depending on the role settings, can require MFA, a justification and an approver), and then hold the role only for a predefined amount of time before it is removed automatically. The eligible account still deserves MFA and monitoring, because anyone who controls it can activate the role.
With Azure AD PIM you can check which users are admins and switch privileged role assignments from permanent to just-in-time (JIT) eligibility. In the following screenshot you can see that I can discover privileged roles and users:
So you can actually see that I have 3 Global Admins, 1 Privileged Role Administrator and 1 Security Administrator:
And now you can see that I’ve made a user eligible for the User Administrator role, with activations limited to a maximum of 24 hours:
You can also start an access review to confirm that each privileged assignment is still needed and remove the ones that are not:
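The same workflow (discover who holds the privileged roles, make a user eligible instead of permanent, and activate the role for a bounded window) can be driven from PowerShell. The script below is an added example written for this post, not code from the original post or from Microsoft; it uses the Microsoft Graph PowerShell SDK (the `Microsoft.Graph` module) rather than the PIM portal shown in the screenshots. It assumes the signed-in account holds the Privileged Role Administrator role, that `$eligibleUserUpn` is a placeholder for the user you want to make eligible, and that the activation step is run separately, signed in as that eligible user.

```powershell
# Added example (not from the original post): the PIM workflow via the
# Microsoft Graph PowerShell SDK. Assumes the Microsoft.Graph module is
# installed and the caller is a Privileged Role Administrator.
$eligibleUserUpn = 'alice@contoso.example'   # placeholder, replace with a real UPN

Connect-MgGraph -Scopes 'RoleManagement.Read.Directory',
                        'RoleEligibilitySchedule.ReadWrite.Directory',
                        'RoleAssignmentSchedule.ReadWrite.Directory'

# 1. Discover: for each privileged role, list the active holders (permanent
#    assignments plus currently activated ones) and the eligible holders.
$watchList = 'Global Administrator', 'Privileged Role Administrator',
             'Security Administrator', 'User Administrator'
$roles = Get-MgRoleManagementDirectoryRoleDefinition -All |
         Where-Object DisplayName -In $watchList

foreach ($role in $roles) {
    $active   = Get-MgRoleManagementDirectoryRoleAssignment `
                  -Filter "roleDefinitionId eq '$($role.Id)'" -ExpandProperty principal
    $eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule `
                  -Filter "roleDefinitionId eq '$($role.Id)'" -ExpandProperty principal
    '{0}: {1} active, {2} eligible' -f $role.DisplayName, @($active).Count, @($eligible).Count
    $active   | ForEach-Object { '  active:   ' + $_.Principal.AdditionalProperties.displayName }
    $eligible | ForEach-Object { '  eligible: ' + $_.Principal.AdditionalProperties.displayName }
}

# 2. Make a user eligible (not active) for User Administrator.
#    fe930be7-5e62-47db-91af-98c3a49a38b1 is the built-in User Administrator
#    role template ID. The eligibility itself is time-boxed too (90 days here),
#    so it has to be renewed deliberately rather than lingering forever.
$user = Get-MgUser -UserId $eligibleUserUpn
$eligibility = @{
    Action           = 'adminAssign'
    Justification    = 'JIT access for user administration tasks'
    RoleDefinitionId = 'fe930be7-5e62-47db-91af-98c3a49a38b1'
    DirectoryScopeId = '/'                       # tenant-wide scope
    PrincipalId      = $user.Id
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = 'afterDuration'; Duration = 'P90D' }
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $eligibility

# 3. Activation, run later by the eligible user (signed in as themselves).
#    The requested duration must not exceed the role's maximum activation
#    duration configured in PIM role settings (24 hours in the post above);
#    a longer request is rejected. If the role setting requires MFA or an
#    approver, the request only completes after those gates are passed.
$me = Get-MgUser -UserId (Get-MgContext).Account
$activation = @{
    Action           = 'selfActivate'
    Justification    = 'Ticket 1234: reset MFA method for a locked-out user'
    RoleDefinitionId = 'fe930be7-5e62-47db-91af-98c3a49a38b1'
    DirectoryScopeId = '/'
    PrincipalId      = $me.Id
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = 'afterDuration'; Duration = 'PT8H' }
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $activation
```

The discovery loop is the check to repeat on a schedule: the count of active Global Administrators should stay at the small number of break-glass accounts you intend, and any principal that shows up as active without a matching eligible entry is a permanent assignment that PIM never mediates.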
For more details, you can check the following article: https://azure.microsoft.com/en-us/documentation/articles/active-directory-privileged-identity-management-configure/
Thanks for your time!