DEV Community

Eng Soon Cheah

Configure Azure AD Privileged Identity Management

Zero Trust model

  • The Zero Trust model says never to assume trust; instead, validate trust continually at every access request
  • With most users now accessing apps and data over the internet, most components of a transaction are no longer under the organization's control
  • Trust determination components include:
    • Identity provider 
    • Device directory 
    • Policy evaluation service 
    • Access proxy
  • Identity as a Service (IDaaS): the new control plane
  • Our identity is like a control plane because it controls:
    • What protocols we interact with
    • Which organizations' programs we can access
    • What devices we can use to access them

Identity Management
On-premises Active Directory, Azure AD, or a hybrid combination of the two all offer services for user and device authentication, identity and role management, and provisioning
Credentials + privileges = digital identity

Azure AD Privileged Identity Management

  • Azure AD PIM is a service that enables you to manage, control, and monitor access to important resources in your organization
  • Key features of PIM allow you to:
    • Provide just-in-time privileged access to Azure AD
    • Assign time-bound access to resources
    • Require approval to activate privileged roles
    • Enforce multi-factor authentication (MFA) for role activation
    • Use justification to understand why users activate roles
    • Get notifications when privileged roles are activated
    • Conduct access reviews to ensure users still need roles
    • Download audit history

Configure PIM

  • The first person to use PIM in an instance of Azure AD is automatically assigned the Security Administrator and Privileged Role Administrator roles in the directory
  • Only privileged role administrators can manage Azure AD directory role assignments to users
  • To start using PIM in your directory, you must first enable PIM by using the Azure portal

Activate a role

  • With PIM enabled, access to privileged operations must be activated when the need to perform privileged actions arises
  • You can request activation by using the My roles navigation option in PIM
  • If the role does not require approval, it is activated and added to the list of active roles
  • After defining PIM roles, you can start adding users to those roles 


Monitor the status of your requests

  • You can view the status of your pending requests to activate a privileged role
  • To manage the request status, you should:
    1. Open Azure AD Privileged Identity Management
    2. Click My requests
    3. Scroll to the right to view the Request Status column
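The two procedures above (activating an eligible role and then checking the Request Status column) can also be done from the command line. The following is an added example, not code from the original post; it assumes the Microsoft.Graph PowerShell modules are installed, that the signed-in user is already eligible for the role, and that the role name, duration and justification are placeholders you replace.

```powershell
# Added example: self-activate an eligible PIM role and check the request status
# with the Microsoft Graph PowerShell SDK. Role name, duration and justification
# below are placeholders (assumptions), not values from the original post.
Import-Module Microsoft.Graph.Identity.Governance
Import-Module Microsoft.Graph.Users

Connect-MgGraph -Scopes "RoleAssignmentSchedule.ReadWrite.Directory", "User.Read"

$roleName      = "Security Administrator"   # placeholder: a role you are eligible for
$duration      = "PT2H"                     # ISO 8601 duration; must not exceed the role's max
$justification = "Ticket INC-0000: review of conditional access policies"  # placeholder

# Resolve the signed-in user and the directory role definition.
$me   = Get-MgUser -UserId (Get-MgContext).Account
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
if (-not $role) { throw "Role '$roleName' not found in this directory" }

# Build the activation request. PIM enforces the role settings (MFA, approval,
# mandatory justification, maximum duration) server-side when it receives this.
$request = @{
    Action           = "selfActivate"
    PrincipalId      = $me.Id
    RoleDefinitionId = $role.Id
    DirectoryScopeId = "/"                  # tenant-wide scope
    Justification    = $justification
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = "AfterDuration"; Duration = $duration }
    }
}
$result = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $request

# "Provisioned" means the role is active now; "PendingApproval" means an approver
# must act first. This is the same value the My requests > Request Status column shows.
"{0}: status {1}" -f $roleName, $result.Status

# Monitor: list this user's own activation requests, newest first.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "principalId eq '$($me.Id)'" |
    Select-Object CreatedDateTime, RoleDefinitionId, Status, Justification |
    Sort-Object CreatedDateTime -Descending |
    Format-Table -AutoSize
```

Every request created this way also appears in the PIM audit history, so the justification text is worth writing for the reviewer who will read it later.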


Reminder:
Cybersecurity is not just network security; it also includes application security and cloud security.
